Security Tip
This WebDNA talk-list message is from 1996
It keeps the original formatting.
numero = 10102
interpreted = N
texte = Everyone who runs a WebCatalog site should know how WebCatalog deals with security.

As you may know, the ShowPage command will display the contents of any text file on your server. This means you can use it to show the contents of a password file, or WebCatalog's own preferences file, which contains some catalog administration passwords.

In WebCatalog's Preferences dialog there is a checkbox called Enable template security.

1) If this box is NOT checked, then any file inside WebCatalog's folder (and further down) can be displayed with the ShowPage command. NO FILES OUTSIDE WebCatalog's folder can be displayed as the result of any template in any WebCatalog commands.

2) If this box IS checked, then template files MUST contain the text somewhere near the top of the file. Also, ANY FILES OUTSIDE WebCatalog's folder can be templates (as long as is inside them). You can even use templates on other disks that are mounted on the desktop.

So we recommend for best security that you turn on security in your preferences, and add the line somewhere inside the portion of all your templates.

If you are ever in a situation where WebCatalog displays a completely blank page, then probably you forgot to put the into that template.

[End of Public-Service Announcement]

Grant Hulbert, V.P. Engineering | Tools for WebWarriors
Pacific Coast Software | WebCatalog, WebCommerce Solution
11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMill
San Diego, CA 92128 |
619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com
Associated Messages, from the most recent to the oldest:
Grant Hulbert
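The two policies the message describes, modelled as an added example that is not part of the original post and is not WebCatalog's code. The marker string is a hypothetical placeholder (the real marker text is missing from this page), and the 512-byte window for "near the top", the function names and the sample files are assumptions.

```python
import os
import tempfile

# Hypothetical placeholder: the real marker text did not survive on this page.
MARKER = b"<!--TEMPLATE-MARKER-PLACEHOLDER-->"
MARKER_WINDOW = 512  # assumed meaning of "somewhere near the top"


def may_serve(path, root, template_security):
    """Return True if `path` may be displayed under the described policy."""
    real = os.path.realpath(path)  # collapse ".." and symlinks before deciding
    if not os.path.isfile(real):
        return False
    if template_security:
        # Checkbox ON: location is irrelevant, the file itself must opt in.
        with open(real, "rb") as fh:
            return MARKER in fh.read(MARKER_WINDOW)
    # Checkbox OFF: anything inside the product folder, nothing outside it.
    root_real = os.path.realpath(root)
    return os.path.commonpath([real, root_real]) == root_real


def demo():
    """Build a constructed folder layout and evaluate both modes."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "WebCatalog")
        os.makedirs(os.path.join(root, "store"))
        files = {
            "template": os.path.join(root, "store", "page.tmpl"),
            "prefs": os.path.join(root, "prefs.txt"),
            "outside_template": os.path.join(base, "other.tmpl"),
            "outside_secret": os.path.join(base, "passwords.txt"),
        }
        bodies = {  # constructed sample contents
            "template": MARKER + b"\n<html>catalog page</html>",
            "prefs": b"admin_password=constructed-sample",
            "outside_template": b"<html>" + MARKER + b"</html>",
            "outside_secret": b"user:constructed-sample",
        }
        for name, p in files.items():
            with open(p, "wb") as fh:
                fh.write(bodies[name])
        # A request that starts inside the folder but resolves outside it.
        files["traversal"] = os.path.join(root, "store", "..", "..", "passwords.txt")
        return {
            mode: {n: may_serve(p, root, mode) for n, p in files.items()}
            for mode in (False, True)
        }
```

With the checkbox off, the preferences file inside the folder is still servable; with it on, only files carrying the marker are, wherever they live.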