At 11:17 PM 10/11/2001 -0400, Jeff Johnson wrote:
>Here's a new one. What is a REQUEST_METHOD = HEAD? Isn't that just GET
>or POST?
It's like a GET, but it only wants the timestamp in return. Browsers will
ask for a HEAD if they are caching a copy of the document in the hope that
they don't n
Here's a new one. What is a REQUEST_METHOD = HEAD? Isn't that just GET
or POST?
Traceback (most recent call last):
File "/usr/Webware/Webware/WebKit/Application.py", line 341, in
dispatchRequest
self.handleGoodURL(transaction)
File "/usr/Webware/Webware/WebKit/Application.py", line 489
> Hey, just logged in. Looks real nice. It's great to see a
> well-branded live site with Webware!
:)
>
> The error messages in the registration form were intermittent -- while
> many fields may have errors, only one or two at a time would display.
> All appropriate error messages should disp
Hey, just logged in. Looks real nice. It's great to see a
well-branded live site with Webware!
The error messages in the registration form were intermittent -- while
many fields may have errors, only one or two at a time would display.
All appropriate error messages should display at once if yo
At 01:07 AM 10/12/2001 +0200, Fionn Behrens wrote:
>All I can say about that is that I have a disabled brother. There are two
>special web browsers he can operate and one of them can do cookies but no
>frames, the other one can do frames but no cookies.
>
>Sometimes some web designers literally ru
Hi Chuck Esterbrook,
on 11-Oct-2001 you wrote:
> At 12:09 AM 10/12/2001 +0200, Fionn Behrens wrote:
>>The site looks nice indeed. But I find it hardly acceptable that it is not
>>viewable without cookies.
>>
>>Just my 0.00,
>> Fionn
>
> Fionn, I also noticed that you don't acce
Chuck Esterbrook <[EMAIL PROTECTED]> wrote:
> I just never really understood the anti-cookie movement. I investigated it
> at one point by reading through archives and visiting anti-cookie sites but
> never found a compelling, *concrete* example of why cookies were evil.
The only cookies I real
>
> The site looks nice indeed. But I find it hardly acceptable
> that it is not
> viewable without cookies.
> Fionn
I'd love to support no cookies if I knew how to do it easily. I haven't
played with the code that adds the session id to the url path, once I
get caught up I'll
At 12:09 AM 10/12/2001 +0200, Fionn Behrens wrote:
>The site looks nice indeed. But I find it hardly acceptable that it is not
>viewable without cookies.
>
>Just my 0.00,
> Fionn
Fionn, I also noticed that you don't accept e-mails from @yahoo.com. I
tried to tell you this:
"You
Hi Jeff Johnson,
on 11-Oct-2001 you wrote:
> http://foreclosures.lycos.com/
>
> This is running FreeBSD, PostgreSQL, Webware, Cheetah and FunFormKit.
>
> Any suggestions appreciated.
The site looks nice indeed. But I find it hardly acceptable that it is not
viewable without cookies.
Just my
At 05:39 PM 10/11/2001 -0400, Geoff Talvola wrote:
>Sure. Just make a longer random number to use as the random part of the
>session ID.
>
>Actually, a bigger flaw may be in relying on Python's pseudo-random number
>generator. Suppose you send a quick flurry of ten requests to WebKit,
>theref
At 01:48 PM 10/11/01 -0700, you wrote:
>At 04:38 PM 10/11/2001 -0400, Geoff Talvola wrote:
>>I could write a program that keeps on trying random session IDs with the
>>date/time part of the session ID set to a couple of minutes ago, so the
>>session is likely to still be around. It might take h
Relying on session timeouts seems to be a problem in using UserKit, at least with
the UserManager.activeUsers() method.
If a user logs in and their session invalidates how does the UserManager know that
they lost their session?
Technically they are not logged in because next time they hit a
Thanks for the detailed review Chuck! I'll have most of these resolved
tomorrow.
> Overall it looks great! And I'm very excited to see such a
> high profile site backed by Webware.
I didn't want to go live with the Lycos site first, I wanted a lower
traffic site to test on first but that's jus
At 04:40 PM 10/11/2001 -0400, Jeff Johnson wrote:
>We went live today with one of the sites we are working on. I didn't
>expect to go live today but it was either that or wait a month so we
>pushed ahead. Hopefully it works as expected :)
>
>http://foreclosures.lycos.com/
>
>This is running Free
Baruch Even <[EMAIL PROTECTED]> wrote:
> If someone can sniff out your session, he can easily fake the TCP/IP
> connection with ease.
Really? I understand how sniffing works (though with proxies there's
potentially other ways that cookies can be spied on), but I don't
really know how IP address
Geoff Talvola <[EMAIL PROTECTED]> wrote:
> I could write a program that keeps on trying random session IDs with the
> date/time part of the session ID set to a couple of minutes ago, so the
> session is likely to still be around. It might take hundreds of thousands
> of tries but it would even
We went live today with one of the sites we are working on. I didn't
expect to go live today but it was either that or wait a month so we
pushed ahead. Hopefully it works as expected :)
http://foreclosures.lycos.com/
This is running FreeBSD, PostgreSQL, Webware, Cheetah and FunFormKit.
Any su
At 04:38 PM 10/11/2001 -0400, Geoff Talvola wrote:
>I could write a program that keeps on trying random session IDs with the
>date/time part of the session ID set to a couple of minutes ago, so the
>session is likely to still be around. It might take hundreds of thousands
>of tries but it woul
I tried the new wkcgi.exe, but I still had problems when I tried to
forwardRequest. I have attached the code examples just in case. This
example, after I click forward, eventually times out. Is there a special
directory I need to place the wkcgi.cfg in?
-Original Message-
From: Geoff
At 01:29 PM 10/11/01 -0700, Chuck Esterbrook wrote:
>Okay, so I'm curious how you would actually guess a session on my server?
>You need to get a number between 0 and 9 AND you need to know the
>exact date, including second, that the session was created.
>
>You say that "only the last 5 digi
* Ian Bicking <[EMAIL PROTECTED]> [011011 22:23]:
> Geoff Talvola <[EMAIL PROTECTED]> wrote:
> > That reminds me of something I meant to bring up a while ago. Session IDs
> > are currently not very random. Only the last 5 digits are actually random
> > -- the rest of it is just the current tim
At 03:29 PM 10/11/2001 -0400, Geoff Talvola wrote:
>That reminds me of something I meant to bring up a while ago. Session IDs
>are currently not very random. Only the last 5 digits are actually random
>-- the rest of it is just the current time expressed as a string.
>
>This could be a securit
At 03:29 PM 10/11/2001 -0400, Geoff Talvola wrote:
>At 12:14 PM 10/11/01 -0700, Chuck Esterbrook wrote:
>>The idea behind externalId is that you could safely use it externally to
>>refer to a user. Safely means that 1. it would be hard for someone to
>>guess (and therefore impersonate another us
Geoff Talvola <[EMAIL PROTECTED]> wrote:
> That reminds me of something I meant to bring up a while ago. Session IDs
> are currently not very random. Only the last 5 digits are actually random
> -- the rest of it is just the current time expressed as a string.
>
> This could be a security hol
At 12:14 PM 10/11/01 -0700, Chuck Esterbrook wrote:
>The idea behind externalId is that you could safely use it externally to
>refer to a user. Safely means that 1. it would be hard for someone to
>guess (and therefore impersonate another user) and 2. would not reveal
>private information about
At 02:56 PM 10/11/2001 -0400, Aaron Held wrote:
>Are any of the timeout functions in the UserManager classes
>(cachedUserTimeout()) implemented?
>They do not seem to be used anywhere.
>
>Also what is External ID used for? For an I was planning to map -
>User.name = email address
>User.SerialNum =
Are any of the timeout functions in the UserManager classes (cachedUserTimeout())
implemented?
They do not seem to be used anywhere.
Also what is External ID used for? For an I was planning to map -
User.name = email address
User.SerialNum = User.SerialNum (= primary key of DB)
User.ExternalID
At 09:16 AM 10/11/2001 -0700, Russell Blank wrote:
>I really cannot wait to try this new version out. When and where should I
>look to download this new version of the executable?
I'll upload in a moment and send a message to the -discuss list.
-Chuck
_
I really cannot wait to try this new version out. When and where should I
look to download this new version of the executable?
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Love, Jay
Sent: Thursday, October 11, 2001 6:19 AM
To: 'Geoff Talvola'; [EMAIL
On Thursday October 11, 2001 09:19 am, Love, Jay wrote:
> If IIS doesn't run the cgi in the cgi's directory, does anyone have any
> suggestions on how it might be able to find the config file? I know the
> Windows way is to use the Registry, but that would not be a simple approach
> here.
>
> Jay
If IIS doesn't run the cgi in the cgi's directory, does anyone have any
suggestions on how it might be able to find the config file? I know the
Windows way is to use the Registry, but that would not be a simple approach
here.
Jay
> -Original Message-
> From: Geoff Talvola [mailto:[EMAIL
Good job guys.
Jay
> -Original Message-
> From: Geoff Talvola [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, October 10, 2001 7:20 PM
> To: [EMAIL PROTECTED]
> Subject: [Webware-devel] cvs update
>
>
> I fixed wkcgi.exe so that it works with IIS as well as
> Apache. I'll email
> Chuc