RE: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-12 Thread Robert Shubert
-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security A long-term and easily addressed security issue with tango/witango is the use of _userreference argument in the URL. The builders default to using this. Likely, back in the early pre-pleistocene days of tango

RE: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-12 Thread Robert Shubert
, 2010 1:57 PM To: Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security That's a good point, but correct me if I am wrong, that is not enough. You must also disable witango from parsing the URL looking for the userreference, or session can still be hijacked. I

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-12 Thread Robert Garcia
. This behavior can’t be changed. Robert From: Robert Garcia [mailto:wita...@bighead.net] Sent: Friday, December 10, 2010 1:57 PM To: Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security That's a good point, but correct me if I am wrong, that is not enough. You

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-12 Thread Robert Garcia
:57 PM To: Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security That's a good point, but correct me if I am wrong, that is not enough. You must also disable witango from parsing the URL looking for the userreference, or session can still be hijacked. I

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-12 Thread Roland Dumas
[mailto:wita...@bighead.net] Sent: Friday, December 10, 2010 1:57 PM To: Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security That's a good point, but correct me if I am wrong, that is not enough. You must also disable witango from parsing the URL looking

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-10 Thread Roland Dumas
@witango.com Witango-Talk@witango.com Date: Fri, 3 Dec 2010 13:00:30 -0600 To: Witango-Talk@witango.com Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security The only real security issue we ever worried about with witango, is SQL injection, and then just poor

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-10 Thread Robert Garcia
:00:30 -0600 To: Witango-Talk@witango.com Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security The only real security issue we ever worried about with witango, is SQL injection, and then just poor coding as it relates to login methodologies where

Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-03 Thread Deutschendorf, Steve {Dutch} (MSFC-IS30)
Folks, We've had (Wi)Tango around for a dozen years and I can say it's been worry free in our environment. The fact that it still functions after various degrees of support (or not) over those years is a credit to the foundational work. I can't say that I've seen much discussion on the

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-03 Thread Robert Garcia
The only real security issue we ever worried about with witango, is SQL injection, and then just poor coding as it relates to login methodologies where there are holes, that would occur on any platform. So you should always use BIND or database actions, not custom inserts/updates when user

Re: Witango-Talk: Alternate Dumb Question Thread: Security

2010-12-03 Thread Deutschendorf, Steve {Dutch} (MSFC-IS30)
From: Robert Garcia wita...@bighead.net Reply-To: Witango-Talk@witango.com Witango-Talk@witango.com Date: Fri, 3 Dec 2010 13:00:30 -0600 To: Witango-Talk@witango.com Witango-Talk@witango.com Subject: Re: Witango-Talk: Alternate Dumb Question Thread: Security The only real security issue we ever