Re: hmmm

This WebDNA talk-list message is from

2006


It keeps the original formatting.
numero = 67326
interpreted = N
texte = Eric Some of those can be controlled in your preferences. Stuart Tremain idfk web developments, sydney, australia On 31 May 2006, at 8:23 AM, Eric king wrote: > Those are not the only ones to look out for. > These need to be looked for also: > > search > delete > replace > function > tcpconnect > showcart > if > showif > then > else > ... > The list goes on. > > Does any one know if SM is going to patch this one? > > > > Jesse Proudman wrote: >> Here's what I'm using: >> >> RewriteEngine On >> RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC] >> RewriteRule ^.*$ - [F] >> >> >> On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote: >> >>> Yikes. Any chance you can post the rewriterule for us? >>> >>> Thanks, >>> Bill >>> >>> >>> -----Original Message----- >>> From: Jesse Proudman >>> Sent: Tue, 30 May 2006 12:18:11 -0700 >>> To: "WebDNA Talk" >>> Subject: Re: hmmm >>> >>> [This was reported to SM a week or two ago] >>> >>> On a security note... >>> >>> http://www.smithmicro.com/?text=&!=&math >>> I solved this on my servers using Mod Rewrite, but every one may >>> want >>> to do something to block it on their boxes. Make sure you don't >>> store sensitive information (Authorize.net username / passwords, >>> etc) >>> in text vars until you've got it patched. >>> >>> >>> On May 30, 2006, at 11:38 AM, WJ Starck wrote: >>> >>>> Indeed. >>>> >>>> What else can ya say, in a day and age where security and >>>> extensibility are at the forefront of many an admin's mind? >>>> >>>> R.I.P. beloved WebDNA... >>> >>> -- >>> >>> Jesse Proudman >>> Blue Box Group, LLC >>> >>> p. +1.800.613.4305 x801 >>> e. jesse@blueboxgrp.com >>> >>> >>> >>> ------------------------------------------------------------- >>> This message is sent to you because you are subscribed to >>> the mailing list . >>> To unsubscribe, E-mail to: >>> To switch to the DIGEST mode, E-mail to >> digest@talk.smithmicro.com> >>> Web Archive of this list is at: http://webdna.smithmicro.com/ >>> >>> >>> >>> ------------------------------------------------------------- >>> This message is sent to you because you are subscribed to >>> the mailing list . >>> To unsubscribe, E-mail to: >>> To switch to the DIGEST mode, E-mail to >> digest@talk.smithmicro.com> >>> Web Archive of this list is at: http://webdna.smithmicro.com/ >> >> -- >> >> Jesse Proudman >> Blue Box Group, LLC >> >> p. +1.800.613.4305 x801 >> e. jesse@blueboxgrp.com >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > digest@talk.smithmicro.com> >> Web Archive of this list is at: http://webdna.smithmicro.com/ >> >> >> >> --No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.394 / Virus Database: 268.8.0/352 - Release Date: >> 5/30/2006 >> >> > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Hmmm ... and thanks! (Kenneth Grome 2008)
  2. Re: [WebDNA] Hmmm ... (Donovan Brooke 2008)
  3. Re: [WebDNA] Hmmm ... ("Jim Lanford." 2008)
  4. Re: [WebDNA] Hmmm ... (Christer Olsson 2008)
  5. Re: [WebDNA] Hmmm ... ("Dan Strong" 2008)
  6. Re: [WebDNA] Hmmm ... (Bob Minor 2008)
  7. RE: [WebDNA] Hmmm ... ("Olin Lagon" 2008)
  8. Re: [WebDNA] Hmmm ... (Govinda 2008)
  9. Re: [WebDNA] Hmmm ... (Gary Krockover 2008)
  10. RE: [WebDNA] Hmmm ... ("Michael A. DeLorenzo" 2008)
  11. Re: [WebDNA] Hmmm ... (Patrick McCormick 2008)
  12. Re: [WebDNA] Hmmm ... ("Brian Boegershausen" 2008)
  13. Re: [WebDNA] Hmmm ... (Govinda 2008)
  14. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  15. RE: [WebDNA] Hmmm ... ("Vincent Medina" 2008)
  16. Re: [WebDNA] Hmmm ... (Govinda 2008)
  17. Re: [WebDNA] Hmmm ... (Dylan Wood 2008)
  18. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  19. RE: [WebDNA] Hmmm ... ("Michael A. DeLorenzo" 2008)
  20. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  21. Re: [WebDNA] Hmmm ... (Bob Minor 2008)
  22. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  23. Re: [WebDNA] Hmmm ... (Stuart Tremain 2008)
  24. Re: [WebDNA] Hmmm ... (Kenneth Grome 2008)
  25. Re: [WebDNA] Hmmm ... (Terry Wilson 2008)
  26. [WebDNA] Hmmm ... (Kenneth Grome 2008)
  27. Re: hmmm ( Gary Krockover 2006)
  28. Re: hmmm ( "WebDna @ Inkblot Media" 2006)
  29. Re: hmmm ( "Howard Wolosky" 2006)
  30. Re: hmmm ( Donovan Brooke 2006)
  31. Re: hmmm ( Donovan Brooke 2006)
  32. Re: hmmm ( Donovan Brooke 2006)
  33. Re: hmmm ( "WebDna @ Inkblot Media" 2006)
  34. Re: hmmm ( John Peacock 2006)
  35. Re: hmmm ( Clint Davis 2006)
  36. Re: hmmm ( Jesse Proudman 2006)
  37. Re: hmmm ( Donovan Brooke 2006)
  38. Re: hmmm ( devaulw@onebox.com 2006)
  39. Re: hmmm ( "Dan Strong" 2006)
  40. Re: hmmm ( Clint Davis 2006)
  41. Re: hmmm ( "Dan Strong" 2006)
  42. Re: hmmm ( "Dan Strong" 2006)
  43. Re: hmmm ( Terry Wilson 2006)
  44. Re: hmmm ( Stuart Tremain 2006)
  45. Re: hmmm ( "Dan Strong" 2006)
  46. Re: hmmm ( "Dan Strong" 2006)
  47. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  48. Re: hmmm ( "Bess Ho" 2006)
  49. Re: hmmm ( "Bess Ho" 2006)
  50. Re: hmmm ( Jesse Proudman 2006)
  51. Re: hmmm ( "Bess Ho" 2006)
  52. Re: hmmm ( Kenneth Grome 2006)
  53. Re: hmmm ( Jesse Proudman 2006)
  54. Re: hmmm ( devaulw@onebox.com 2006)
  55. Re: hmmm ( John Peacock 2006)
  56. Re: hmmm ( Jesse Proudman 2006)
  57. Re: hmmm ( John Peacock 2006)
  58. Re: hmmm ( John Peacock 2006)
  59. Re: hmmm ( Jesse Proudman 2006)
  60. Re: hmmm ( Kenneth Grome 2006)
  61. Re: hmmm ( John Peacock 2006)
  62. Re: hmmm ( John Peacock 2006)
  63. Re: hmmm ( Jim Ziegler 2006)
  64. Re: hmmm ( Jesse Proudman 2006)
  65. Re: hmmm ( WJ Starck 2006)
  66. Re: hmmm ( Clint Davis 2006)
  67. Re: hmmm ( WJ Starck 2006)
  68. Re: hmmm ( WJ Starck 2006)
  69. Re: hmmm ( Clint Davis 2006)
  70. Re: hmmm ( Clint Davis 2006)
  71. Re: hmmm ( "Bess Ho" 2006)
  72. Re: hmmm ( Stuart Tremain 2006)
  73. Re: hmmm ( WJ Starck 2006)
  74. Re: hmmm ( Stuart Tremain 2006)
  75. Re: hmmm ( WJ Starck 2006)
  76. Re: hmmm ( Jesse Proudman 2006)
  77. Re: hmmm ( Stuart Tremain 2006)
  78. Re: hmmm ( Eric king 2006)
  79. Re: hmmm ( Jesse Proudman 2006)
  80. Re: hmmm ( devaulw@onebox.com 2006)
  81. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  82. Re: hmmm ( Jesse Proudman 2006)
  83. Re: hmmm ( "Bess Ho" 2006)
  84. Re: hmmm ( WJ Starck 2006)
  85. Re: hmmm ( "Bess Ho" 2006)
  86. Re: hmmm ( Chris 2006)
  87. Re: hmmm ( Adam O'Connor 2006)
  88. Re: hmmm ( Donovan Brooke 2006)
  89. Re: hmmm ( devaulw@onebox.com 2006)
  90. Re: hmmm ( "Nitai @ ComputerOil" 2006)
  91. hmmm ( Donovan Brooke 2006)
  92. Things that make you go Hmmmm (Brian B. Burton 2001)
Eric Some of those can be controlled in your preferences. Stuart Tremain idfk web developments, sydney, australia On 31 May 2006, at 8:23 AM, Eric king wrote: > Those are not the only ones to look out for. > These need to be looked for also: > > search > delete > replace > function > tcpconnect > showcart > if > showif > then > else > ... > The list goes on. > > Does any one know if SM is going to patch this one? > > > > Jesse Proudman wrote: >> Here's what I'm using: >> >> RewriteEngine On >> RewriteCond %{QUERY_STRING} ^.*text=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*include=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*setheader=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*math=.*$ [NC,OR] >> RewriteCond %{QUERY_STRING} ^.*!=.*$ [NC] >> RewriteRule ^.*$ - [F] >> >> >> On May 30, 2006, at 1:10 PM, devaulw@onebox.com wrote: >> >>> Yikes. Any chance you can post the rewriterule for us? >>> >>> Thanks, >>> Bill >>> >>> >>> -----Original Message----- >>> From: Jesse Proudman >>> Sent: Tue, 30 May 2006 12:18:11 -0700 >>> To: "WebDNA Talk" >>> Subject: Re: hmmm >>> >>> [This was reported to SM a week or two ago] >>> >>> On a security note... >>> >>> http://www.smithmicro.com/?text=&!=&math >>> I solved this on my servers using Mod Rewrite, but every one may >>> want >>> to do something to block it on their boxes. Make sure you don't >>> store sensitive information (Authorize.net username / passwords, >>> etc) >>> in text vars until you've got it patched. >>> >>> >>> On May 30, 2006, at 11:38 AM, WJ Starck wrote: >>> >>>> Indeed. >>>> >>>> What else can ya say, in a day and age where security and >>>> extensibility are at the forefront of many an admin's mind? >>>> >>>> R.I.P. beloved WebDNA... >>> >>> -- >>> >>> Jesse Proudman >>> Blue Box Group, LLC >>> >>> p. +1.800.613.4305 x801 >>> e. jesse@blueboxgrp.com >>> >>> >>> >>> ------------------------------------------------------------- >>> This message is sent to you because you are subscribed to >>> the mailing list . >>> To unsubscribe, E-mail to: >>> To switch to the DIGEST mode, E-mail to >> digest@talk.smithmicro.com> >>> Web Archive of this list is at: http://webdna.smithmicro.com/ >>> >>> >>> >>> ------------------------------------------------------------- >>> This message is sent to you because you are subscribed to >>> the mailing list . >>> To unsubscribe, E-mail to: >>> To switch to the DIGEST mode, E-mail to >> digest@talk.smithmicro.com> >>> Web Archive of this list is at: http://webdna.smithmicro.com/ >> >> -- >> >> Jesse Proudman >> Blue Box Group, LLC >> >> p. +1.800.613.4305 x801 >> e. jesse@blueboxgrp.com >> >> >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to > digest@talk.smithmicro.com> >> Web Archive of this list is at: http://webdna.smithmicro.com/ >> >> >> >> --No virus found in this incoming message. >> Checked by AVG Free Edition. >> Version: 7.1.394 / Virus Database: 268.8.0/352 - Release Date: >> 5/30/2006 >> >> > > > ------------------------------------------------------------- > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to digest@talk.smithmicro.com> > Web Archive of this list is at: http://webdna.smithmicro.com/ ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://webdna.smithmicro.com/ Stuart Tremain

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Check boxes (1997) RE: Credit Card Checksum (1997) Emailer [cart] file names (1997) Color (2000) why is this line in GeneralStore? (1998) WebTrends (2002) TPC Connect (1999) flushdatabases (1997) iis 4.0 (1997) can pull down menu do a ONCHANGE= without Java script? (2000) Showif with an or (2003) [Request] - SQL Search (2000) Images (2000) problems with 2 tags shakur (1997) Help! Strange happenings... (1997) Forms Search Questions (1997) tcpconnect (1999) [WebDNA] Setting Content-Type within [returnraw] - not working on (2010) [addlineitems] display (1997) Quick Question About Sorting (1997)