NetTalk Central

Recent Posts

1
Web Server - Ask For Help / Browse Inline Menu ends up in Orphaned Embeds
« Last post by Niels Larsen on September 16, 2024, 10:08:18 PM »
Hi Bruce

When I want to "Send Click to Server" the server code ends up in Orphaned Embeds, and is of course not generated.
Maybe I'm doing something wrong....
Example attached.

/Niels
2
Web Server - Ask For Help / Re: Strange behaviour of NetEncryptString and NetDecryptString
« Last post by joep on September 16, 2024, 01:34:25 AM »
Hi Bruce,

I have got it working. Like you said I needed the length of the string.
So len(string) did not work. I used StringTheory to determine the length and stored it in the database.
And NetDecryptString with the right length gave me the same string back in all examples.
Thanks for pointing me in the right direction.

Regards Joep
3
E-Mail - Ask For Help / Postmark issues at the moment
« Last post by JohanR on September 16, 2024, 01:02:57 AM »
Hi,

In case anyone is using Postmark to send emails via their SMTP server:

https://status.postmarkapp.com/notices/5jmmv4cyfqboak2v-service-issue-outbound-smtp-sending-issues

cheers,

Johan
4
Hi Bruce,
Yes, it's online from an Amazon Server.
CTL-F5 doesn't seem to fix it though.

If I put the mouse cursor on the blank record line, it brings back the detail but only while the mouse is hovering.
If there is more than one line, it's always the top line that is blank but other line records are populated, and that too will activate with the hovering mouse.

Thanks
Richard
5
Looks like a CSS issue. Is the page online?
(given that it's a CSS issue, and it's only an issue in the deployed server, you may want to refresh your CSS in the browser.)
6
Web Server - Ask For Help / Re: Apostraphe value in sql
« Last post by Bruce on September 15, 2024, 08:14:56 PM »
>> Bruce, how are SQL injection attacks possible with prop:sql?

Prop:Sql passes the SQL you write straight through to the database for execution.

By contrast the drivers create "Parameterized Queries" - which separate the "code" part of the sql from the data part of the sql. Separating the code and the data means that code is code and data is data.

With prop:Sql the code and data are smooshed together. So Jason's line;

InvoiceItems{Prop:Sql} = 'Select * from dbo.InvoiceItems where ProductName = ''' & p_web.GSV('SelectedProductName') & ''''

Is vulnerable to manipulation of SelectedProductName.
For example, say this is coming from an entry field on the window. Then I enter;

' ; Drop Table Customers; '

This is a trivial example, but shows the root problem. Once a user can enter "any sql", well they can do anything they like to your database, and none of it is good.
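
The difference described in the post above, as an added example that is not part of the original post and is not NetTalk or Clarion code. It uses Python's sqlite3 as a stand-in database; the table names and the entered text come from the thread, while the columns, rows and function names are constructed for the demonstration.

```python
import sqlite3

# Constructed schema: table names follow the thread, columns and rows are made up.
SCHEMA = """
CREATE TABLE InvoiceItems (ProductName TEXT, Qty INTEGER);
CREATE TABLE Customers (Name TEXT);
INSERT INTO InvoiceItems VALUES ('Widget', 2), ('O''Brien Special', 1);
INSERT INTO Customers VALUES ('Acme');
"""
ENTERED = "' ; Drop Table Customers; '"  # the input quoted in the post

def fresh_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def tables(db):
    rows = db.execute("SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")
    return [r[0] for r in rows]

def concatenated_sql(product_name):
    # Same shape as the Prop:Sql line: the value is pasted into the SQL text.
    return "SELECT * FROM InvoiceItems WHERE ProductName = '" + product_name + "'"

def run_concatenated(db, product_name):
    # executescript stands in for a pass-through that accepts a batch of statements.
    try:
        db.executescript(concatenated_sql(product_name))
    except sqlite3.Error:
        pass  # a later fragment failed to parse; earlier statements already ran
    return tables(db)

def run_parameterized(db, product_name):
    # The SQL text is fixed; the value travels separately and is only ever data.
    cur = db.execute("SELECT * FROM InvoiceItems WHERE ProductName = ?", (product_name,))
    return cur.fetchall(), tables(db)

if __name__ == "__main__":
    print(concatenated_sql(ENTERED))
    print("concatenated, tables left:", run_concatenated(fresh_db(), ENTERED))
    print("parameterized:", run_parameterized(fresh_db(), ENTERED))
    print("apostrophe value:", run_parameterized(fresh_db(), "O'Brien Special")[0])
```

The parameterized call also handles a legitimate apostrophe in the product name without any quote doubling.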

7
Web Server - Ask For Help / Re: Apostraphe value in sql
« Last post by osquiabro on September 14, 2024, 12:07:38 PM »
"You should not be using Prop:SQL at all in your program. This is very, very bad. Using Prop:Sql will open up your program to SQL injection attacks. Do not do it."

Bruce, how are SQL injection attacks possible with prop:sql?

I can create a public demo that uses prop:sql for you to try the SQL injection.
8
The two screenshots attached may explain the problem with the browse.
The record in focus does not display the saved checkbox value.

Thanks
Richard
9
Web Server - Ask For Help / Re: Apostraphe value in sql
« Last post by Bruce on September 13, 2024, 09:52:44 PM »
Hi Jason,

>> you want me to produce example in sql?

sure.

>> I will issue the sql query in my embed code
>> InvoiceItems{Prop:Sql} = 'Select * from dbo.InvoiceItems where ProductName = ''' & p_web.GSV('SelectedProductName') & ''''

See - already you are exposing detail which you haven't done before. That's the purpose of an example.

You should not be using Prop:SQL at all in your program. This is very, very bad. Using Prop:Sql will open up your program to SQL injection attacks.
Do not do it.

Equally, you don't need to be using Prop:Sql. The APIs support VIEWs as a return structure, and VIEWs support filters. You should be using that.

Let me say it again - if you are using Prop:Sql in General, and with user entered data in Particular, then your web app is doomed to failure. If you do go this route please let me know the URL of your service so I can delight in dropping all your tables from the database, randomly filling your database with Spam, altering all the unit prices so I can get stuff for free, and having fun in all other kinds of ways.

>> What I am asking is if there is a nettalk method to convert single apostrophe to double apostrophe then it would be useful.

Clarion has a command QUOTE which does that.

Cheers
Bruce
10
I have a page loading a NetWeb Browse and associated form.
Adding records to the browse via the form completes OK, except that checkboxes selected on the form are not displayed as populated unless there is more than one record and when toggling between the records.

It appears that only the record in focus does not display the populated checkboxes, although other line fields are correct.
Hovering the cursor over the line displays them, until it is moved off.

This anomaly only occurs when run online, despite copying in the updated exe and web folder.
On my local machine the Browse behaves as expected.
Can I have help with this please?

Thanks
Richard   NT 14.27
 