Re: Limiting user access to .tmpl files
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 11916
interpreted = N
texte =
>My site can definitely serve .tmpl files outside of the WebCat folder.
>How can I change it?

WebCatalog must be able to serve files outside the WebCat folder, otherwise it can't process your WebDNA in the rest of your site. The feature you are looking at prevents it from serving files outside the WebSTAR folder.

But all of this is moot -- your original question asked if someone could mess up another database by writing some WebDNA in their own portion of the site. The answer is yes. It makes no difference whether or not WebCat can serve files outside its own folder: you can always write WebDNA that messes with any database WebCatalog knows about, regardless of what folder that WebDNA resides in.

Clarification: anonymous people cannot mess with your site. The only way someone can do something bad is under the following conditions:

1) They can write files to your hard drive
2) They have admin privileges in WebCatalog

If you have someone writing nasty files to your hard drive (AppleScripts that erase files, WebDNA that messes with databases), then you should take steps to prevent them from doing that ever again. They may be using FTP or SiteEdit to write files on your hard drive.

There is no anonymous way for someone to issue a WebCatalog command that writes a file to your hard drive, unless you explicitly give them some kind of form that uses WebDNA to write such a file. Anonymous people can append records to your databases, but you have a preference for turning this off.

If you put two extra fields in your databases: username and password, then WebCatalog will never replace/delete that record unless the browser's current username/password match. This will prevent many of the problems you are foreseeing.

Grant Hulbert, V.P. Engineering | ===== Tools for WebWarriors =====
Pacific Coast Software | WebCatalog Pro, WebCommerce Solution
11770 Bernardo Plaza Court | SiteEdit Pro, SiteCheck, PhotoMaster
San Diego, CA 92128 | SiteGuard
619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com
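
Because the folder a template lives in does not limit which databases it can touch, a practical check is to audit which templates outside the trusted folders contain write-capable WebDNA. The following Python script is an added example, not part of the original message and not Pacific Coast Software's code; the tag list, folder names and sample templates are assumptions constructed for illustration.

```python
import re
from pathlib import Path

# Assumed WebDNA contexts that modify data or write files; adjust to your version.
WRITE_TAGS = ("append", "replace", "delete", "writefile", "appendfile")
TAG_RE = re.compile(
    r"\[(%s)\b([^\]]*)\]" % "|".join(WRITE_TAGS), re.IGNORECASE)
TARGET_RE = re.compile(r"\b(?:db|file)\s*=\s*([^&\s\]]+)", re.IGNORECASE)


def scan_template(text):
    """Return (tag, target) pairs for every write-capable tag in one template."""
    hits = []
    for m in TAG_RE.finditer(text):
        target = TARGET_RE.search(m.group(2))
        hits.append((m.group(1).lower(), target.group(1) if target else "?"))
    return hits


def audit(templates, trusted_prefixes):
    """templates: {relative path: text}. Flag write-capable templates that
    live outside the folders whose authors are trusted to touch databases."""
    findings = []
    for path, text in sorted(templates.items()):
        if any(path.startswith(p) for p in trusted_prefixes):
            continue
        for tag, target in scan_template(text):
            findings.append((path, tag, target))
    return findings


def load_tree(root):
    """Read every .tmpl file under root into the mapping audit() expects."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_text(errors="replace")
            for p in root.rglob("*.tmpl")}


# Constructed sample site: one trusted store folder, two user folders.
SAMPLE = {
    "WebCatalog/store/order.tmpl": "[append db=orders.db]sku=[sku][/append]",
    "users/alice/home.tmpl": "<h1>Hello</h1>[search db=news.db&eqIDdata=1]",
    "users/bob/tool.tmpl": "[Delete db=/WebCatalog/store/orders.db&eqSKUdata=1]",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE, ["WebCatalog/"]):
        print(finding)
```

Run `audit(load_tree("/path/to/site"), [...])` against a copy of the served folder; each finding names a template whose author should be one of the people trusted to write files on the server.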