Re: Data Protection (was: Another CGI question. Keeping an array over more than one Webpage
Hello Alejandro and All, Le 9 mai 04, à 02:25, Alejandro Tejada a écrit : on Sat, 8 May 2004 00:39:58 +0200 Pierre Sahores wrote in response to Alejandro Tejada: By the way, talking about protection of data, Does exist a way to get the contents or the scripts of stacks opened directly in the engine, downloaded from the web? Someone told me that it's possible to make a dump of the memory and take the data from the resulting file. It's really possible to get a stack from a dumped memory file? Even if it's, in theory, possible, suppose, just as an example, in between many other possibles ways : 1.- your main stack is password protected ; 2.- this stack contains substacks protected by randomly set passwords ; 3.- the mainstack herits from the substacks stack's and/or card's scripts by activating them as front and back scripts... No sure it will be a piece of cake to rebuild all the stuff needed to get the stack cracked and runable at the same time... Pierre, you work in the Linux platform, where these kind of memory dump tools are common. 100% true ! It's why is it's always a very bad idea to use only one scheme to protect a program against unauthorised use, copy, duplication, etc... Could you make a small test with a password protected stack and another unprotected, in the next weekend? Unneeded, as long as we are ok with the fact that we need to use a multiple encryptation states and protocols method to set-up a real difficult to crack protection scheme. Even the DES or RSA ways with nothing more would be like travelling over the seas in a Zepplin just token out from its museum... This kind of fly would, probably, in many cases, become very dangerous and not only under the windows platform ;) Read the information in this page: http://www.nii.co.in/vuln/crypt.html I remember an hypercard stack i did so uncrackable, uncopyable, etc... that i could never restart it until i took together an old unprotected issue of it and the source code of the protected stack to build a new one... This is very interesting. Do you remember the approach that you take to create this kind of protection? Mainly, the method had to do with splitting the app in two parts (a splash screen stack, the main stacks of the app) where the splash screen was popping up, on startup, to ask for a password to the user. The password input was compared to to reference' one inside an XFCN res stored in one of the main stacks of the app, trough an XFCN encryptation/decryptation proc res able to start only if a third res was present in the MacOS 8 system's library. One of the main part of the game consisted in having this discrete system's res installed when the authorised user launched the app, for the first time, on a new box. Each time the user was launching the app, he had to enter the password and if the input didn't launch the verification proc or match the right password reference, the app was just quitting before any main stacks of the app comes up in ram (not started at all)... To the end, there was some more procs in about the protection of the main stacks too ;) In about protecting code and apps, the key features are in the design, lots more than in the technical tasks... Agreed, but when we are working with other people's data, safekeeping it's a 24 hour requisite. Thanks a lot for your insights! You welcome, Best, Pierre BTW : just a little off topic... Do you have any web docs entry points to share about streaming QT/MP4 contents in a one to many sheme, runnable in IPV4, without having to send a different stream to each conected user, something like binding the IPV6 broadcast address witch could work in IPV4 mode ?... IPV6 is so great, as dream ;) Thanks a lot :) al = Visit my site: http://www.geocities.com/capellan2000/ Search the mail list: http://mindlube.com/cgi-bin/search-use-rev.cgi __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage.
Hi all, thanks for responding. Terry Vogelaar wrote: Remember that the engine quits as soon as the file is processed. So while you read the results, the engine is not running anymore. When you save data to an array, it has to be a custom property as an array and you have to save the stack to keep the data. That data will remain there available for all users until it is erased or overwritten. That´s what I suspected. And explains why I failed with my experiments. Jan Schenkel wrote: At the risk of getting slammed by the anti-cookie lobby : you could always store session variables in cookies. You can serialise your array and encrypt that data as well if you want to, and these cookies can be automatically deleted when the user quits his browser, or you can have them expire at a certain time, etc. That is what I´m dreaming being able to do. But I must admit it is a bit over my head at the moment. I´m trying to set up 4 Webpages. fruit.html meat.html perishable_food.html vegetables.html Each Html file has a set of forms. A desrciption of an item, a field to type a numerical value in. The CGI should be able to add the values submitted by the user as long as his session takes and allow to add other items. If the user hits a Now what´s for dinner button the CGI should return something like this: You got 3 bananas, 1 peach, 1 broccoli, 5 potatoes, 1 egg, 1 cup of cream and a steak. You can do a steak with broccoli and au gratin potatoes. You can also have a fruit salad for dessert if you are willing to spend about 1.5 hours in the kitchen. or if there is no food: You got no food at all. Go shopping you lazy bag. (Guess what I´ve been toled until now...) JBV wrote: Nevertheless, I keep thinking that using cookies is a blatant demonstration of lazyness for a programer (nothing personal of course) Or they don´t know any better yet. ;-) and that there are more elegant solutions. I´m eager to learn these. But what is the most important for me is to find out what I could be able doing using Rev as CGI. Furthermore, I know many end users who are virulent anti- cookies as well, who disable systematically the cookie option of their browser, and who get really irritated when a webpage refuses to display because they turned off the cookie option and who swear god they'll never visit that website again... That´s a serious concern. I am aware that users can turn off cookies. I know quite a few Users that disable cookies. But they would be willing to accept cookies if they are really neccesary. For my experiments it is not a serious concern, as it is only a brainteaser for me. Richard Gaskin wrote: I'm no fan of cookie abuse, and I looove that Mozilla let's me approve them individually (I always nix the ones from evil ad companies that track you all over the Web). I hope many Users think that way. I guess if one promisses not to bomb the user with popup adds they might be willing to accept cookies. But how else does one maintain state information, esp. between sessions? I would also love to know that. jbv wrote: you can use temp files on your server, or hidden flds on your successive webpages with the post cmd. Pierre Sahore wrote: The second way you describe, JB, (the use of hidden.../hidden tags in the posted Form) is the first i would recommand if the cgi/app need to interact with lots of clients in concurrent access mode. If needed, this way lets us crypt - encode/decode - the hidden tags contents from the server-side cgi/app, if we wants to preserve those datas from beeing viewed, on the client side, by reading the form source code. So I would need to post the whole data I need on all 4 Webpages in hidden Tags? Would I need to call 2 CGIs to avoid refresh errors? The first to set all values to zero and the second to add values from there? All HTML is returned by the CGI created on the fly, no static HTML files? Please excuse my dumb questions. I guess I´m thinking too static (webpages are build in a texteditor...) here. Best, Malte ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage.
Malte Brill heeft op zaterdag, 8 mei 2004 om 11:07 (Europe/Amsterdam) het volgende geschreven: I´m trying to set up 4 Webpages. fruit.html meat.html perishable_food.html vegetables.html Each Html file has a set of forms. A desrciption of an item, a field to type a numerical value in. The CGI should be able to add the values submitted by the user as long as his session takes and allow to add other items. If the user hits a Now what´s for dinner button the CGI should return something like this: You got 3 bananas, 1 peach, 1 broccoli, 5 potatoes, 1 egg, 1 cup of cream and a steak. You can do a steak with broccoli and au gratin potatoes. You can also have a fruit salad for dessert if you are willing to spend about 1.5 hours in the kitchen. or if there is no food: You got no food at all. Go shopping you lazy bag. [...] So I would need to post the whole data I need on all 4 Webpages in hidden Tags? Would I need to call 2 CGIs to avoid refresh errors? The first to set all values to zero and the second to add values from there? All HTML is returned by the CGI created on the fly, no static HTML files? Please excuse my dumb questions. I guess I´m thinking too static (webpages are build in a texteditor...) here. I don't quite understand what your objective is. A virtual grocery store? Or a recipe suggestion utility? Of course you could let the CGI generate only the resulting page, but also the form itself. If the collection of ingredients varies, than you could make a stack in which each card contains a type of food. It can have several fields among which are the name and the category of the ingredient. Then you can let a script simply see which cards have the 'fruit' category and you'll let the script use the field data on these cards in a table. Modifying the stack can be done with a download-edit-upload cycle or you can make a content management system; ie modifying the stack online using a form. The users can form a separate stack in which you could put data like username, password, permission to modify the stack or not, basket / fridge content, etc. Also, it might be more efficient to use a single form instead of multiple. I'll show you how: FORM method=post action=http://www.bananas.com/cgi-bin/add.cgi; INPUT type=hidden name=username value=Terry Vogelaar INPUT type=hidden name=Password value=best customer INPUT type=text name=quantity value=1 INPUT type=submit name=adding value=Apple INPUT type=submit name=adding value=Mango INPUT type=submit name=adding value=Peach /FORM This way, the submit button has a name and a value which you can evaluate by a CGI script. That way, you can see if the user wants to add a (number of) apples, mangos or peaches. Terry ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Another CGI question. Keeping an array over more than one Webpage.
Hi, now that I´ve set everything up on my machine here I´m eager to play around with the CGI stuff. Would it be possible to keep the values stored in an array over more than one Webpage and manipulate that array on Page 1, Page 2, etc? Do I need to use cookies for that? Best, Malte ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage.
Malte, Hi, now that I´ve set everything up on my machine here I´m eager to play around with the CGI stuff. Would it be possible to keep the values stored in an array over more than one Webpage and manipulate that array on Page 1, Page 2, etc? Do I need to use cookies for that? you can use temp files on your server, or hidden flds on your successive webpages with the post cmd. JB ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage.
Le 7 mai 04, à 15:06, jbv a écrit : Malte, Hi, now that I´ve set everything up on my machine here I´m eager to play around with the CGI stuff. Would it be possible to keep the values stored in an array over more than one Webpage and manipulate that array on Page 1, Page 2, etc? Do I need to use cookies for that? you can use temp files on your server, or hidden flds on your successive webpages with the post cmd. JB Hello, The second way you describe, JB, (the use of hidden.../hidden tags in the posted Form) is the first i would recommand if the cgi/app need to interact with lots of clients in concurrent access mode. If needed, this way lets us crypt - encode/decode - the hidden tags contents from the server-side cgi/app, if we wants to preserve those datas from beeing viewed, on the client side, by reading the form source code. About using globals on the server-side : be carefull to separe them in 3 different classes of globals (with no care about their contents and structure - arrays, not arrays). The first category of globals have to handle the cgi/app environment vars (forms headers and masks, lists of users access authorisations, etc...) to be loaded when the cgi/app starts, the second category of globals will contains the main incoming posted requests values - as postedtag1=value1postedtag2=value2, etc... - you can decode in as many as you need subvars to handle the main global of thoses posted requests values, the third category of globals will have to handle the datas to be replyied over the web or lan to the final client-side user. In handling the code trough this method, we are able to prevent any possible difficulties about the concurrent access requests. About using temp files : because a read/write proc is always slower than getting/setting a global var, i avoid, for my own to use temp files. Best, Pierre ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution -- Bien cordialement, Pierre Sahores 100, rue de Paris F - 77140 Nemours [EMAIL PROTECTED] GSM: +33 6 03 95 77 70 Pro: +33 1 41 60 52 68 Dom:+33 1 64 45 05 33 Fax: +33 1 64 45 05 33 Inspection académique de Seine-Saint-Denis Applications et SGBD ACID SQL (WEB et PGI) Penser et produire delta de productivité ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage.
--- Malte Brill [EMAIL PROTECTED] wrote: Hi, now that I´ve set everything up on my machine here I´m eager to play around with the CGI stuff. Would it be possible to keep the values stored in an array over more than one Webpage and manipulate that array on Page 1, Page 2, etc? Do I need to use cookies for that? Best, Malte Hi Malte, At the risk of getting slammed by the anti-cookie lobby : you could always store session variables in cookies. You can serialise your array and encrypt that data as well if you want to, and these cookies can be automatically deleted when the user quits his browser, or you can have them expire at a certain time, etc. Jan Schenkel. = As we grow older, we grow both wiser and more foolish at the same time. (La Rochefoucauld) __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage
on Fri, 07 May 2004 jbv respond to Pierre: Pierre wrote: About using temp files : because a read/write proc is always slower than getting/setting a global var, i avoid, for my own to use temp files. I see your point, but if the end user is not supposed to see the data, temp files are the only solution (because end users can always display the source code of the web page). Not always, according to some JB. There is a product named WebLock Pro http://www.weblockpro.com that encrypt webpages. It's interesting, because the creator of this technology could disable the printscreen key, so the user could not take a screen- shot of the pages protected. I've read that it's easy to override this protection scheme, but the instruction to do so are not clear. By the way, talking about protection of data, Does exist a way to get the contents or the scripts of stacks opened directly in the engine, downloaded from the web? Someone told me that it's possible to make a dump of the memory and take the data from the resulting file. It's really possible to get a stack from a dumped memory file? Thanks in advance. al = Visit my site: http://www.geocities.com/capellan2000/ Search the mail list: http://mindlube.com/cgi-bin/search-use-rev.cgi __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage
Le 7 mai 04, à 21:10, Alejandro Tejada a écrit : on Fri, 07 May 2004 jbv respond to Pierre: Pierre wrote: About using temp files : because a read/write proc is always slower than getting/setting a global var, i avoid, for my own to use temp files. I see your point, but if the end user is not supposed to see the data, temp files are the only solution (because end users can always display the source code of the web page). Not always, according to some JB. There is a product named WebLock Pro http://www.weblockpro.com that encrypt webpages. It's interesting, because the creator of this technology could disable the printscreen key, so the user could not take a screen- shot of the pages protected. I've read that it's easy to override this protection scheme, but the instruction to do so are not clear. 'Evening, By the way, talking about protection of data, Does exist a way to get the contents or the scripts of stacks opened directly in the engine, downloaded from the web? Someone told me that it's possible to make a dump of the memory and take the data from the resulting file. It's really possible to get a stack from a dumped memory file? Even if it's, in theory, possible, suppose, just as an example, in between many other possibles ways : 1.- your main stack is password protected ; 2.- this stack contains substacks protected by randomly set passwords ; 3.- the mainstack herits from the substacks stack's and/or card's scripts by activating them as front and back scripts... No sure it will be a piece of cake to rebuild all the stuff needed to get the stack cracked and runable at the same time... I remember an hypercard stack i did so uncrackable, uncopyable, etc... that i could never restart it until i took together an old unprotected issue of it and the source code of the protected stack to build a new one... In about protecting code and apps, the key features are in the design, lots more than in the technical tasks... Best Regards; Pierre Thanks in advance. al = Visit my site: http://www.geocities.com/capellan2000/ Search the mail list: http://mindlube.com/cgi-bin/search-use-rev.cgi __ Do you Yahoo!? Win a $20,000 Career Makeover at Yahoo! HotJobs http://hotjobs.sweepstakes.yahoo.com/careermakeover ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
Re: Another CGI question. Keeping an array over more than one Webpage.
jbv heeft op vrijdag, 7 mei 2004 om 15:06 (Europe/Amsterdam) het volgende geschreven: Malte, Hi, now that I´ve set everything up on my machine here I´m eager to play around with the CGI stuff. Would it be possible to keep the values stored in an array over more than one Webpage and manipulate that array on Page 1, Page 2, etc? Do I need to use cookies for that? you can use temp files on your server, or hidden flds on your successive webpages with the post cmd. JB Remember that the engine quits as soon as the file is processed. So while you read the results, the engine is not running anymore. When you save data to an array, it has to be a custom property as an array and you have to save the stack to keep the data. That data will remain there available for all users until it is erased or overwritten. I also don't see any use for temp files on the server. Nice for hit counters and guest books, although these files are not really temporary. As soon as the site is viewed by two or more users simultaneously, these temp files will mix up data for each viewer. Hidden inputs are indeed a good solution. That means that each transit to another file is a form submission. Also cookies are good. Terry ___ use-revolution mailing list [EMAIL PROTECTED] http://lists.runrev.com/mailman/listinfo/use-revolution
