Re: Limiting user access to .tmpl files

This WebDNA talk-list message is from 1997. It keeps the original formatting.
>My site can definitely serve .tmpl files outside of the WebCat folder.
>How can I change it?

WebCatalog must be able to serve files outside the WebCat folder, otherwise it can't process your WebDNA in the rest of your site. The feature you are looking at prevents it from serving files outside the WebSTAR folder.

But all of this is moot -- your original question asked if someone could mess up another database by writing some WebDNA in their own portion of the site. The answer is yes. It makes no difference whether or not WebCat can serve files outside its own folder: you can always write WebDNA that messes with any database WebCatalog knows about, regardless of what folder that WebDNA resides in.

Clarification: anonymous people cannot mess with your site. The only way someone can do something bad is under the following conditions:

1) They can write files to your hard drive
2) They have admin privileges in WebCatalog

If you have someone writing nasty files to your hard drive (AppleScripts that erase files, WebDNA that messes with databases), then you should take steps to prevent them from doing that ever again. They may be using FTP or SiteEdit to write files on your hard drive.

There is no anonymous way for someone to issue a WebCatalog command that writes a file to your hard drive, unless you explicitly give them some kind of form that uses WebDNA to write such a file. Anonymous people can append records to your databases, but you have a preference for turning this off.

If you put two extra fields in your databases: username and password, then WebCatalog will never replace/delete that record unless the browser's current username/password match. This will prevent many of the problems you are foreseeing.

Grant Hulbert, V.P. Engineering | ===== Tools for WebWarriors =====
Pacific Coast Software | WebCatalog Pro, WebCommerce Solution
11770 Bernardo Plaza Court | SiteEdit Pro, SiteCheck, PhotoMaster
San Diego, CA 92128 | SiteGuard
619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com

Associated Messages, from the most recent to the oldest:

    
  1. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  2. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  3. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  4. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  5. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  6. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  7. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  8. Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)