Security Tip

This WebDNA talk-list message is from 1996.


It keeps the original formatting.
Associated Messages, from the most recent to the oldest:

    
  1. Re: Security Tip (Greg Lindberg 1996)
  2. Security Tip (Grant Hulbert 1996)
Everyone who runs a WebCatalog site should know how WebCatalog deals with security.

As you may know, the ShowPage command will display the contents of any text file on your server. This means you can use it to show the contents of a password file, or WebCatalog's own preferences file, which contains some catalog administration passwords.

In WebCatalog's Preferences dialog there is a checkbox called Enable template security.

1) if this box is NOT checked, then any file inside WebCatalog's folder (and further down) can be displayed with the ShowPage command. NO FILES OUTSIDE WebCatalog's folder can be displayed as the result of any template in any WebCatalog commands.

2) if this box IS checked, then template files MUST contain the text somewhere near the top of the file. Also, ANY FILES OUTSIDE WebCatalog's folder can be templates (as long as is inside them). You can even use templates on other disks that are mounted on the desktop.

So we recommend for best security that you turn on security in your preferences, and add the line somewhere inside the portion of all your templates.

If you are ever in a situation where WebCatalog displays a completely blank page, then probably you forgot to put the into that template.

[End of Public-Service Announcement]

Grant Hulbert, V.P. Engineering | Tools for WebWarriors
Pacific Coast Software | WebCatalog, WebCommerce Solution
11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMill
San Diego, CA 92128 |
619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com
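Added example (not part of the original message and not WebCatalog's own code): a Python model of the rule the message describes, run over a constructed folder tree, listing which files each setting of the checkbox would let a template command display. The marker string is a placeholder because the real text is missing from this archived copy; the 1024-byte reading of "near the top" and all file and folder names are assumptions.

```python
import os
import tempfile

MARKER = b"<!--MARKER-PLACEHOLDER-->"  # placeholder: real text is missing from the archived message
HEAD_BYTES = 1024                      # assumption: how far "near the top" reaches

def has_marker(path):
    """True if the placeholder marker occurs in the first HEAD_BYTES of the file."""
    try:
        with open(path, "rb") as fh:
            return MARKER in fh.read(HEAD_BYTES)
    except OSError:
        return False

def inside(root, path):
    """True if path resolves to a location under root (symlinks followed)."""
    root, path = os.path.realpath(root), os.path.realpath(path)
    return os.path.commonpath([root, path]) == root

def may_display(path, root, security_enabled):
    """Rule as the message states it: box checked, marker decides; unchecked, location decides."""
    return has_marker(path) if security_enabled else inside(root, path)

def audit(root, security_enabled, extra_paths=()):
    """Sorted base names of the files the stated rule would let a template command display."""
    found = [os.path.join(d, f) for d, _, files in os.walk(root) for f in files] + list(extra_paths)
    return sorted(os.path.basename(p) for p in found if may_display(p, root, security_enabled))

def build_sample(base):
    """Constructed sample tree: a WebCatalog-like folder plus one folder outside it."""
    root, outside = os.path.join(base, "WebCatalog"), os.path.join(base, "Other")
    files = {
        os.path.join(root, "catalog.tpl"): MARKER + b"\n<html>catalog</html>",
        os.path.join(root, "legacy.tpl"): b"<html>no marker</html>",
        os.path.join(root, "prefs.txt"): b"adminpassword=constructed",
        os.path.join(outside, "shared.tpl"): MARKER + b"\n<html>shared</html>",
        os.path.join(outside, "notes.txt"): b"private notes",
    }
    for path, data in files.items():
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root, [p for p in files if p.startswith(outside)]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root, extras = build_sample(tmp)
        print("box unchecked:", audit(root, False, extras))
        print("box checked:  ", audit(root, True, extras))
```

With the box unchecked the list includes prefs.txt; with it checked only the two marked templates remain, and legacy.tpl is the kind of file that would come back as a blank page.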
