Re: Protect
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 14250
interpreted = N
texte = >>So I want them to only be able to interact >>with their own templates and databases in their directory.>>Anyone who has rights to change a template can create WebDNA that does >lots of nasty things, roughly analogous to someone who has rights to >upload a CGI. The best protection you have is to give vendors an >administrative interface to modify their databases via forms, but don't >let them change template files.>>Grant Hulbert, V.P. Engineering | ==== eCommerce for the Rest of Us ====>Pacific Coast Software | WebCatalog, WebMerchant>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster>San Diego, CA 92128 | SiteGuard>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com>>>This is exactly what I thought. I don't think some of the others see the ramifications with this. I have a couple of companies that do web design in webcatalog. I am teaching them the basics. Being a programmer from way back I seen the problem right away and wanted to protect it. Now that I know I can't I will have to use other threats to them. Like crash something and it costs you $25. So make sure your code is good and non malicious.Bennie**************************************Bennie Warren /\LemooreNet / /320 West D Street / /Lemoore, CA 93245 / / /\ /\ Phone: 209.924.5909 / /_ _ / \ / /Fax 209.924.9578 \ _ _ / /\ \/ /bennie@lemoorenet.com / / \ /http://www.lemoorenet.com /_/ \/**************************************
Associated Messages, from the most recent to the oldest:
>>So I want them to only be able to interact >>with their own templates and databases in their directory.>>Anyone who has rights to change a template can create WebDNA that does >lots of nasty things, roughly analogous to someone who has rights to >upload a CGI. The best protection you have is to give vendors an >administrative interface to modify their databases via forms, but don't >let them change template files.>>Grant Hulbert, V.P. Engineering | ==== eCommerce for the Rest of Us ====>Pacific Coast Software | WebCatalog, WebMerchant>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster>San Diego, CA 92128 | SiteGuard>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com>>>This is exactly what I thought. I don't think some of the others see the ramifications with this. I have a couple of companies that do web design in webcatalog. I am teaching them the basics. Being a programmer from way back I seen the problem right away and wanted to protect it. Now that I know I can't I will have to use other threats to them. Like crash something and it costs you $25. So make sure your code is good and non malicious.Bennie**************************************Bennie Warren /\LemooreNet / /320 West D Street / /Lemoore, CA 93245 / / /\ /\ Phone: 209.924.5909 / /_ _ / \ / /Fax 209.924.9578 \ _ _ / /\ \/ /bennie@lemoorenet.com / / \ /http://www.lemoorenet.com /_/ \/**************************************
Bennie Warren
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
New WebMerchant/Mac beta available (1997)
Protecting webdelivery (1997)
Can you identify the [body]? (1999)
Tool of Use to Unix WebCat Admins (2000)
How to search for fields with 10 or more characters? (2004)
Showing unopened cart (1997)
Signal Raised (1997)
incrementing a counter remotely? (1999)
Calculating Standard Deviation (2005)
WML (2000)
View order not right (1997)
Cart ID (1999)
billing system (2003)
HTML Editors (1997)
Order not created error (1997)
[WebDNA] Gulf Coast WebDNA programmers (2010)
Re[2]: Date Time Oddness (1999)
BUG REPORT -- Refusing connections! (1999)
Major bug report on rootbeer (1997)
Cookies (1999)