Re: [WebDNA] Admin Login Required to Serve any TPL Page

This WebDNA talk-list message is from 2009.

Brian Fries wrote:
> This problem sounds like "showpage" was removed from the "Command
> Security" area of the WebDNA Preferences. Under the checked radio button
> labeled "Only the following commands may be issued by
> non-administrators" the text box must at a bare minimum include
> "ShowPage". Unless you've got an old site that relies on URL-based
> commands, ShowPage is the only command that needs to be listed there.

This is one of those "now why didn't I think of that" times. ;-) Good call, Brian. I have seen where a webserver config is the cause of an auth on certain pages, but this is the much more obvious one, I think.

> Also, the "Maximum found items" only applies to URL-based Search commands.

Right.. concerning this, I was thinking it would be nice to have this work for the contexts as well. It may be a useful tool for server/sandbox administrators to be able to put a global limit on results (to protect against DOS/spider attacks etc..). It probably would not be a priority for us, because there are other ways to protect the server searches, but it may be a good enough addition.

> Check the docs to understand the difference between URL-based commands
> and in-line contexts for executing WebDNA. URL-based commands are
> generally not recommended, primarily for security reasons. In the early
> days of WebCatalog (the original product name), URL-based commands were
> the primary way of using WebDNA (originally the name of the coding
> language used by WebCatalog, used as the product name after Smith Micro
> bought the product from Pacific Coast Software).
>
> I'd actually suggest to the WebDNA dev team that perhaps the URL-based
> commands should be deprecated and removed from version 7 of WebDNA.
>
> Brian Fries
> BrainScan Software

I agree about the use of commands in general, except that it is my inclination to leave them in there (at least for the current "ISP" versions) for backwards compatibility reasons, as well as for the occasional uses, such as: ?command=flushdatabases etc.. I don't think they hurt anything for the moment, and for gold CICADA, we took out a couple/few more of the default allowed commands. I'd sure hear comments/reasoning for taking them out however (preferably off list).

Donovan

--
Donovan Brooke
WebDNA Software Corporation
http://www.webdna.us
**[Square Bracket Utopia]**

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Paul Willis 2009)
  2. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Donovan Brooke 2009)
  3. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Brian Fries 2009)
  4. [WebDNA] Admin Login Required to Serve any TPL Page Fixed (David Doda 2009)
  5. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Chris 2009)
  6. Re: [WebDNA] Admin Login Required to Serve any TPL Page (David Doda 2009)
  7. Re: [WebDNA] Admin Login Required to Serve any TPL Page (David Doda 2009)
  8. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Donovan Brooke 2009)
  9. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Donovan Brooke 2009)
  10. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Chris 2009)
  11. Re: [WebDNA] Admin Login Required to Serve any TPL Page (David Doda 2009)
  12. Re: [WebDNA] Admin Login Required to Serve any TPL Page (David Doda 2009)
  13. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Paul Willis 2009)
  14. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Donovan Brooke 2009)
  15. Re: [WebDNA] Admin Login Required to Serve any TPL Page (bharrington@1choicerealty.com 2009)
  16. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Paul Willis 2009)
  17. Re: [WebDNA] Admin Login Required to Serve any TPL Page (Donovan Brooke 2009)
  18. [WebDNA] Admin Login Required to Serve any TPL Page (David Doda 2009)