On 20 Apr 2007, at 04:40, David Bandel wrote:
> On 4/19/07, Stroller <[EMAIL PROTECTED]> wrote:
>>
>> On 20 Apr 2007, at 01:06, David Bandel wrote:
>> > ...
>> > And BTW, moving from SQL-Ledger 2.627 (db version 2.6.12) to LSMB
>> > provokes a nasty error message regarding the defaults table
>>
On 20 Apr 2007, at 01:06, David Bandel wrote:
> ...
> And BTW, moving from SQL-Ledger 2.627 (db version 2.6.12) to LSMB
> provokes a nasty error message regarding the defaults table (which has
> changed completely). Is there currently an update script for this?
Did you run:
ledgersmb/sql/leg
--- Christopher Murtagh <[EMAIL PROTECTED]> wrote:
> Frames need to die. The problem is that there is a lot of business logic and
> input code that is tied into the current frameset.
Do you mean that third party integration code is written to HTML and URL
elements in a frameset, or that parts of
On 4/19/07, Christopher Murtagh <[EMAIL PROTECTED]> wrote:
> On Thursday 19 April 2007, David Bandel wrote:
> > Noticed you want to move to xhtml and I assume CSS2. I can probably
> > help some here. Do you want to stick to frames or use CSS2's ability
> > to do a two column layout without frames
On Thursday 19 April 2007, David Bandel wrote:
> Noticed you want to move to xhtml and I assume CSS2. I can probably
> help some here. Do you want to stick to frames or use CSS2's ability
> to do a two column layout without frames?
Frames need to die. The problem is that there is a lot of busin
On 4/19/07, Chris Travers <[EMAIL PROTECTED]> wrote:
> On 4/19/07, David Bandel <[EMAIL PROTECTED]> wrote:
> > Folks,
> >
> > New to the list, but interested in hearing about this. Been a
> > SQL-Ledger user for years. What attracted me were:
> > 1. sensible database (PostgreSQL)
> > 2. Perl vs
Christopher Murtagh wrote:
> On Thursday 19 April 2007, Charley Tiggs wrote:
>> To second Tim's observation, I've just launched a custom ecommerce site
>> that uses LSMB 1.2.3 and PHP 5. We do have real time inventory working
>> great with several custom views that are accessed by PHP. Orders are
I guess I would just add that java script injection is not a new
attack vector. The only thing that makes this specific exploit
different is that it is an attack aimed at the browser instead of at
the application. Note that we have to be very careful about allowing
any sort of javascript injectio
On Thursday 19 April 2007 13:05, Chris Travers wrote:
> > Obviously LSMB would not be susceptible to buffer overflows, but every
> > day I see more and more seriously negative stuff about javascript.
> > My understanding is that LSMB development is going to add a lot of
> > javascript based web 2.0
On Thursday 19 April 2007, Charley Tiggs wrote:
> To second Tim's observation, I've just launched a custom ecommerce site
> that uses LSMB 1.2.3 and PHP 5. We do have real time inventory working
> great with several custom views that are accessed by PHP. Orders are
> entered into LSMB in real tim
[EMAIL PROTECTED] wrote:
>> Folks,
> ...
>> 2. Perl vs PHP
>>
>> My question is: any planned changes to this architecture? If so, why?
>
> I am not a LedgerSMB developer (but probably will contribute one day when
> my new born no longer needs diapers), but boy Perl and PHP architecture
> change s
On Thursday 19 April 2007, Chris Bennett wrote:
> Are there plans for the new interfaces to "degrade gracefully" without
> loss of function (some loss of convenience couldn't be avoided), if a
> person found that javascript HAD to be turned off and kept off because
> of non-LSMB security issues?
On 4/19/07, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> > Folks,
> ...
> > 2. Perl vs PHP
> >
> > My question is: any planned changes to this architecture? If so, why?
>
> I am not a LedgerSMB developer (but probably will contribute one day when
> my new born no longer needs diapers), but boy P
Hi Chris;
I have been following this issue. I can tell you that we are not
looking at allowing users to add their own Javascript to pages. This
is just one example of what user-defined Javascript can do. In
general, we do not think that it is a good security practice to allow
users of the appli
> Folks,
...
> 2. Perl vs PHP
>
> My question is: any planned changes to this architecture? If so, why?
I am not a LedgerSMB developer (but probably will contribute one day when
my new born no longer needs diapers), but boy Perl and PHP architecture
change seems like a very daunting task!?
You k
http://www.ngssoftware.com/research/papers/InterProtocolExploitation.pdf
Summary: A way of exploiting web browsers located within the security
perimeter (i.e. access to internal network)
using something like javascript from an external web page to launch
a buffer overflow attack on internal n
On 4/19/07, David Bandel <[EMAIL PROTECTED]> wrote:
> Folks,
>
> New to the list, but interested in hearing about this. Been a
> SQL-Ledger user for years. What attracted me were:
> 1. sensible database (PostgreSQL)
> 2. Perl vs PHP
>
> My question is: any planned changes to this architecture?
Folks,
New to the list, but interested in hearing about this. Been a
SQL-Ledger user for years. What attracted me were:
1. sensible database (PostgreSQL)
2. Perl vs PHP
My question is: any planned changes to this architecture? If so, why?
Thanx,
David A. Bandel
--
Focus on the dream, not
18 matches