Re: protect tag on NT IIS

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 14745
interpreted = N
texte = >>Whether or not your pages are protected with a [protect] tag has >>nothing to do with WebCat's CommandSecurity and CommandsAllowed >>prefs. Pages protected with the [protect] tag only check the users.db >>for an acceptable username/password based on the group named in the >>protect tag. > >This is what I thought. But when I use $append within a form on a page >that is [protect]ed, webcat throws up the IIS-forms based page asking for >my username and password. No matter what I type in, the page does NOT >pass this protection. Then only way I got it to append was to (1) change >the preferences to allow for anonymous appends which I don't like and (2) >use the [append] context. > >My question is: Can I use the NT version with IIS and use a form based >append command on a [protect]ed page without adding append to my webcat >preferences for anonymous access? It seems to me that using forms based >append is not anonymous and is coming from the tpl file, not a URL. Is >this an IIS thing?Basically, WebCat sees no difference in getting a command from a URL or from a form. Because of this, you must enable the append command in the prefs if you want to use an append command from either a form or a hyperlink. Unless ...I seem to recall a *possible* way around this, and I have no idea whether my memory is correct on this point or not, but:You may NOT have to enable the append command in your prefs, provided the username and password values entered into the IIS-forms based page have ADMIN access. To test this theory, try entering the username and password of someone in the admin group when that form pops up, and maybe your append will work.If it does, at least you'll know that only those with admin access will be able to append from your form. That may not be what you really want, but you can always deal with this simply by putting your append into a context instead. Contexts are more secure anyways ... :)Sincerely, Ken Grome WebDNA Solutions http://www.smithmicro.com/webdnasolutions/. Associated Messages, from the most recent to the oldest:

    
  1. Re: protect tag on NT IIS (Olin 1997)
  2. Re: protect tag on NT IIS (Grant Hulbert 1997)
  3. Re: protect tag on NT IIS (Kenneth Grome 1997)
  4. Re: protect tag on NT IIS (Olin 1997)
  5. Re: protect tag on NT IIS (Kenneth Grome 1997)
  6. Re: protect tag on NT IIS (Olin 1997)
  7. Re: protect tag on NT IIS (Kenneth Grome 1997)
  8. protect tag on NT IIS (Olin 1997)
>>Whether or not your pages are protected with a [protect] tag has >>nothing to do with WebCat's CommandSecurity and CommandsAllowed >>prefs. Pages protected with the [protect] tag only check the users.db >>for an acceptable username/password based on the group named in the >>protect tag. > >This is what I thought. But when I use $append within a form on a page >that is [protect]ed, webcat throws up the IIS-forms based page asking for >my username and password. No matter what I type in, the page does NOT >pass this protection. Then only way I got it to append was to (1) change >the preferences to allow for anonymous appends which I don't like and (2) >use the [append] context. > >My question is: Can I use the NT version with IIS and use a form based >append command on a [protect]ed page without adding append to my webcat >preferences for anonymous access? It seems to me that using forms based >append is not anonymous and is coming from the tpl file, not a URL. Is >this an IIS thing?Basically, WebCat sees no difference in getting a command from a URL or from a form. Because of this, you must enable the append command in the prefs if you want to use an append command from either a form or a hyperlink. Unless ...I seem to recall a *possible* way around this, and I have no idea whether my memory is correct on this point or not, but:You may NOT have to enable the append command in your prefs, provided the username and password values entered into the IIS-forms based page have ADMIN access. To test this theory, try entering the username and password of someone in the admin group when that form pops up, and maybe your append will work.If it does, at least you'll know that only those with admin access will be able to append from your form. That may not be what you really want, but you can always deal with this simply by putting your append into a context instead. Contexts are more secure anyways ... :)Sincerely, Ken Grome WebDNA Solutions http://www.smithmicro.com/webdnasolutions/. Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Database (1999) Re:HTTP header line is too long? (1997) Hiding HTML and breaking the page (1997) My slower response (1997) firewall ports for Mac OS X/WebCatalog (2001) WebCat for Site Search? (1997) Catalogs and W* (1996) Handy Browser Counter Tip (1997) Form Validation (2000) Non-Cart Files in Shopping Cart Folder (1997) WCS Newbie question (1997) service stop and restart (1997) [WebDNA] AC paymethod is missing (2008) more on quicktime test stuff (1997) ODBC to WebCat (2000) New Command prefs ... (1997) WebCat2b14MacPlugIn - [include] doesn't hide the search string (1997) setlineiems and UnitShip Cost (2000) Mac 3.0.5b11 PI -- template cache and aliases (1999) SiteEdit Pro Update Announcement (1997)