[NTISP Digest]

ntisp-digest-request@iea-software.com
Fri, 22 May 1998 00:00:22 -0700

Message 1: unsubscribe
from "Jim Marx" <jmarx@realweb.com>

Message 2: RADIUS server
from "Shay Shlosh" <admin@multinet.net.il>

Message 3: Re: RADIUS server
from "David Payer" <david.payer@IA-OMNI.COM>

Message 4: unix passwd
from "Lawrence Watkins Work" <lwatkins-work@thepark.net>

Message 5: Re: RADIUS server
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 6: Re: unix passwd
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 7: Re: RADIUS server
from "James B. Hrdy" <jhrdy@greensoft.com>

Message 8: Re: NTISP List
from "Jim Marx" <jmarx@realweb.com>

Message 9: Re: NTISP List
from "Dale E. Reed Jr." <daler@iea-software.com>

Message 10: ASP and special characters
from "Bill Appledorf" <bappled1@san.rr.com>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 1 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: unsubscribe
From: "Jim Marx" <jmarx@realweb.com>
Date: Thu, 21 May 1998 07:06:15 -0500

unsubscribe

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 2 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: RADIUS server
From: "Shay Shlosh" <admin@multinet.net.il>
Date: Thu, 21 May 1998 17:10:36 +0200

There is a very nice product from Extent Technologies
(http://www.extent.com) which incorporates a RADIUS server, online billing,
web registration, email invoices and a lot of other features in a single
package.
We have tested the product (they have a beta program) and it looks like a
killer app for ISP.
Has anyone else seen this product?

Shay Shlosh
SysAdmin

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 3 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: RADIUS server
From: "David Payer" <david.payer@IA-OMNI.COM>
Date: Thu, 21 May 1998 22:37:01 -0500

Subject: RADIUS server

>There is a very nice product from Extent Technologies
>(http://www.extent.com) which incorporates a RADIUS server, online billing,
>web registration, email invoices and a lot of other features in a single
>package.

Looks very promising but no word about pricing. I am not sure I want to even
beta a program that has a licensing feature like $1000 for 500 users; $1500
for 1000 users; and $2500 for unlimited users. I am not saying this company
has such pricing but I can only guess since they don't post their intention
or ballpark figures.

David Payer

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 4 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: unix passwd
From: "Lawrence Watkins Work" <lwatkins-work@thepark.net>
Date: Thu, 21 May 1998 10:52:27 -0500

Sorry this is off topic, but was curious if someone could
point me in the right direction for reversing out passwords
from a UNIX(FreeBSD) passwd file. As we are trying to move
over 300 domains and 2000 users to NT based mail and WWW
services. ANY clues or pointers would be greatly
appreciated! Please reply to me directly as not to clutter
the list. Thanks in advance for any ideas!
Lawrence Watkins
Network Administrator, Mix Communications
lwatkins@mixcom.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 5 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: RADIUS server
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Thu, 21 May 1998 09:37:21 -0700

David Payer wrote:
>
> Subject: RADIUS server
>
> >There is a very nice product from Extent Technologies
> >(http://www.extent.com) which incorporates a RADIUS server, online billing,
> >web registration, email invoices and a lot of other features in a single
> >package.
>
> Looks very promising but no word about pricing. I am not sure I want to even
> beta a program that has a licensing feature like $1000 for 500 users; $1500
> for 1000 users; and $2500 for unlimited users. I am not saying this company
> has such pricing but I can only guess since they don't post their intention
> or ballpark figures.

Or a company that thinks they are the *ONLY* All-in-one ISP billing
package out there. Maybe they haven't come out from under their rock
yet? :)

--
Dale E. Reed Jr.  (daler@iea-software.com)
_________________________________________________________________
       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs
 Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 6 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: unix passwd
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Thu, 21 May 1998 09:39:45 -0700

Lawrence Watkins Work wrote:
>
> Sorry this is off topic, but was curious if someone could
> point me in the right direction for reversing out passwords
> from a UNIX(FreeBSD) passwd file. As we are trying to move
> over 300 domains and 2000 users to NT based mail and WWW
> services. ANY clues or pointers would be greatly
> appreciated! Please reply to me directly as not to clutter
> the list. Thanks in advance for any ideas!
> Lawrence Watkins
> Network Administrator, Mix Communications
> lwatkins@mixcom.com

RadiusNT has some authentication abilities to replace the
"UNIX" password with the un-encrypted password in ODBC mode.
It makes migration a real treat.

--
Dale E. Reed Jr.  (daler@iea-software.com)
_________________________________________________________________
       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs
 Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 7 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: RADIUS server
From: "James B. Hrdy" <jhrdy@greensoft.com>
Date: Thu, 21 May 1998 12:18:23 +0000

*looks around*

Hurrmmm,

*scratches head*

Wonder who he is talking about ?

:)

> David Payer wrote:
> >
> > Subject: RADIUS server
> >
> > >There is a very nice product from Extent Technologies
> > >(http://www.extent.com) which incorporates a RADIUS server, online
> > >billing, web registration, email invoices and a lot of other features
> > >in a single package.
> >
> > Looks very promising but no word about pricing. I am not sure I want to
> > even beta a program that has a licensing feature like $1000 for 500
> > users; $1500 for 1000 users; and $2500 for unlimited users. I am not
> > saying this company has such pricing but I can only guess since they
> > don't post their intention or ballpark figures.
>
> Or a company that thinks they are the *ONLY* All-in-one ISP billing
> package out there. Maybe they haven't come out from under their rock yet?
> :)
>
> --
> Dale E. Reed Jr. (daler@iea-software.com)
> _________________________________________________________________
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.iea-software.com
>

James B. Hrdy
email: jhrdy@greensoft.com
web: http://www.greensoft.com/billing
GreenSoft Solutions, Inc.
Voice: 785.843.8683 ext 2032317 Ponderosa Drive
Fax: 785.840.0055
Lawrence, Ks.
United States of America

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 8 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: NTISP List
From: "Jim Marx" <jmarx@realweb.com>
Date: Thu, 21 May 1998 12:54:07 -0500

What is the process to unsubscribe?

At 10:58 PM 5/20/98 -0700, you wrote:
>For those curious, the NTISP list is still working. I had a configuration error
>on the list that was preventing it from
>delivering messages since the weekend. I apologize for the
>error and list traffic should get back to normal here soon.
>
>As a reminder, the address to send messages to is ntisp@iea-software.com. If
>you have an address book or alias
>for another address, please update the address.
>
>--
>Dale E. Reed Jr. (daler@iea-software.com)
>_________________________________________________________________
> IEA Software, Inc. | RadiusNT, Emerald, and NT FAQs
> Internet Solutions for Today | http://www.iea-software.com
>

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 9 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: Re: NTISP List
From: "Dale E. Reed Jr." <daler@iea-software.com>
Date: Thu, 21 May 1998 12:04:48 -0700

You need to send the unsubscribe message to ntisp-request@iea-software.com
rather than the list itself. Alternately, you can use lists@iea-software.com.
Make sure you include the listname you want to join/leave like:

join ntisp
leave ntisp

--
Dale E. Reed Jr.  (daler@iea-software.com)
_________________________________________________________________
       IEA Software, Inc.      |  RadiusNT, Emerald, and NT FAQs
 Internet Solutions for Today  |   http://www.iea-software.com

..------ ------ ------ ------ ------ ------ ------ ------ ------ ------.
| Message 10 |
'------ ------ ------ ------ ------ ------ ------ ------ ------ ------'
Subject: ASP and special characters
From: "Bill Appledorf" <bappled1@san.rr.com>
Date: Thu, 21 May 1998 23:16:51 -0700

A few weeks ago someone posted a message here expressing concern about capturing special characters input by users, transmitting these characters in URL's, storing them in a database, and querying those values using ASP.

This person was also concerned that embedded single and double quotes in user input pose a security risk because a malicious user might embed destructive SQL in those fields. Modern databases do not allow this, and in fact to allow it is considered a horrible bug, so I will not address this issue.

Six characters pose special problems to ASP programmers, seven if you count space (%20). These characters are & (%26), + (%2B), and ? (%3F) because they have special meaning in URL parameters strings, and " (%22), ' (%27), and | (%7C) because they have special meaning in SQL statements.

An ASP programmer must feel completely confident about four processes to be able to handle these characters successfully:

1. If you reference Request.Form and Request.QueryString fields containing these characters in your code, between <% and %> delimiters, you will find that these characters are encoded as %nn escape sequences.

2. If you reference these same fields in your HTML, between <%= and %> delimiters, ASP decodes the escape sequences for you and displays them as ASCII printable characters.

3. If you store these characters in your database as escape sequences, you can use the escape sequences in queries, and you can use the escape sequences in URL parameter strings.

4. If you reference special characters as escape sequences internally in your code, you have to decode them manually in order for them to display properly.

Given these facts, one way you can solve the problem of gnarly characters is to store Request.Form and Request.QueryString fields without decoding them, treat them as escape sequences in your code, and only decode them when you need to display them.

There is a level of complexity, however, that you must deal with in order for this approach to work. % (%25) characters are themselves encoded as escape sequences when you use them in Request.QueryString and Request.Form fields.

For example, suppose you create a field in a form like so:

<INPUT TYPE="HIDDEN" NAME="ID" VALUE="<%= ID %>">

and suppose ID is a string containing the value

"%22Hello%22" .

Code that references Request.QueryString("ID") or Request.Form("ID"), depending on whether you say GET or POST, will see the value

%2522Hello%2522

To decode this value properly, and to keep from concatenating strings of %25 sequences in your Request.QueryString and Request.Form fields if you use them to assemble URL's for Response.Redirect statements, you need to say Replace(Request.QueryString("<field name>"), "%25", "%") before you manipulate these fields.

I am posting this message in hopes it might help a kindred soul or two out there. Other people may have devised other ways to handle these characters. My bottom line design requirement is that users have to be able to type whatever they want, and my code has to handle it transparently to them. This method works for me. Perhaps it will work for you.

Bill Appledorf
billappledorf@usa.net
- - - - - - - - - - - - - - - - - - - - - -
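
The encoding round trip described in Message 10, as an added example that is not part of the original post, with Python standing in for ASP. It goes slightly beyond the message by also storing the decoded text through a bound SQL parameter; the `notes` table, the helper names and the sample input are constructed for illustration.

```python
import sqlite3
from urllib.parse import quote, unquote

# Characters singled out in the message, plus space and '%' itself.
SPECIAL = "&+?\"'| %"


def escape_table() -> dict:
    """Map each special character to its %nn escape sequence."""
    return {ch: quote(ch, safe="") for ch in SPECIAL}


def submit(value: str) -> str:
    """Percent-encode a value the way it travels in a query string or form body."""
    return quote(value, safe="")


def receive(wire: str) -> str:
    """Decode exactly one layer: one decode per encode, never more."""
    return unquote(wire)


def store_and_fetch(conn: sqlite3.Connection, text: str) -> str:
    """Store text through a bound parameter and read it back by value."""
    conn.execute("INSERT INTO notes (body) VALUES (?)", (text,))
    row = conn.execute("SELECT body FROM notes WHERE body = ?", (text,)).fetchone()
    return row[0]


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (body TEXT)")  # hypothetical table

    stored = "%22Hello%22"             # value from the message, already escaped
    wire = submit(stored)              # each '%' becomes %25 on the way out
    typed = 'O\'Brien & "Co" | 50%+?'  # constructed user input

    return {
        "wire": wire,
        "one_decode": receive(wire),             # back to the stored form
        "two_decodes": receive(receive(wire)),   # over-decoding changes the data
        "db_roundtrip": store_and_fetch(conn, receive(submit(typed))),
        "rows": conn.execute("SELECT COUNT(*) FROM notes").fetchone()[0],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:14} {value!r}")
```
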