-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
A long-term and easily addressed security issue with tango/witango is the use
of the _userreference argument in the URL. The builders default to using this.
Likely, back in the early pre-pleistocene days of tango
, 2010 1:57 PM
To: Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
That's a good point, but correct me if I am wrong, that is not enough. You must
also disable witango from parsing the URL looking for the userreference, or
session can still be hijacked. I
. This behavior can’t be changed.
Robert
From: Robert Garcia [mailto:wita...@bighead.net]
Sent: Friday, December 10, 2010 1:57 PM
To: Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
That's a good point, but correct me if I am wrong, that is not enough. You
:57 PM
To: Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
That's a good point, but correct me if I am wrong, that is not enough. You
must also disable witango from parsing the URL looking for the userreference,
or session can still be hijacked. I
[mailto:wita...@bighead.net]
Sent: Friday, December 10, 2010 1:57 PM
To: Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
That's a good point, but correct me if I am wrong, that is not enough. You
must also disable witango from parsing the URL looking
@witango.com Witango-Talk@witango.com
Date: Fri, 3 Dec 2010 13:00:30 -0600
To: Witango-Talk@witango.com Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
The only real security issue we ever worried about with witango, is SQL
injection, and then just poor
:00:30 -0600
To: Witango-Talk@witango.com Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
The only real security issue we ever worried about with witango, is SQL
injection, and then just poor coding as it relates to login methodologies
where
Folks,
We've had (Wi)Tango around for a dozen years and I can say it's been worry free
in our environment. The fact that it still functions after various degrees of
support (or not) over those years is a credit to the foundational work. I can't
say that I've seen much discussion on the
The only real security issue we ever worried about with witango, is SQL
injection, and then just poor coding as it relates to login methodologies where
there are holes, that would occur on any platform. So you should always use
BIND or database actions, not custom inserts/updates when user
From: Robert Garcia wita...@bighead.net
Reply-To: Witango-Talk@witango.com Witango-Talk@witango.com
Date: Fri, 3 Dec 2010 13:00:30 -0600
To: Witango-Talk@witango.com Witango-Talk@witango.com
Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security
The only real security issue we ever