Re: Paths, relative paths, webstar server setup and security (Mac)

This WebDNA talk-list message is from 1997.

It keeps the original formatting.
numero = 14873
interpreted = N
>Are there any security gotchas that we need to look out for (like being
>able to type www.mydomain.com/webstar.log and displaying a list of all
>hits on the site, or competitors typing in www.mydomain.com/items.db and
>getting a dump of our hard-earned database)?

There are 2 ways a file can be viewed by hackers: WebStar can serve it via plain URL, but if it has the WWW‡ filetype then it won't. WebCatalog could be coerced into showing it with $ShowPage, but not if it has WWW‡. The reason we added template extensions pref was to prevent WebCatalog from showing files that *weren't* protected by WWW‡.

Make sure your WebCatalog preferences don't allow anonymous $Commands such as $Delete, $Append, $Replace, etc. Also make sure the preference for allowable extensions for viewing files is set to .tmpl, and databases are .db (these are the default settings for 2.0.1).

>Also, for neatniks who like to organize everything into folders, what
>WebCatalog files have to be together? Do databases have to be in the
>same folder as Webstar or WebCatalog or the templates that use them

Most of the guts of the WebCatalog folder should stay together, but the examples (TeaRoom, GeneralStore) were designed as completely moveable folders with all relative paths. So you can drag them anywhere and they will still work. Your projects should be organized the same way.

If you have some [include] files or databases that are used in all your projects, then you can put them in a folder at the root of the W* hierarchy and access them as absolute paths like the following:

    [include /globals/header.inc]

That preceding / means to look for the file starting at the root, inside a folder called globals (just like URLs). Same with db, as in

    [search db=/globals/taxRates.db]

You can also look 'up' one folder or more by using relative paths like this (also just like URLs):

    [include ../header.inc] or [include ../../header.inc]

All of these paths are relative to the template itself. So if the db is in the same folder as the template, then you don't need to use / or anything. If you want to look down inside a folder that is at the same level as your template, then do this:

    [search db=LocalFolder/xx.db]

Notice that without the preceding /, it looks in the same folder as the template for a folder called LocalFolder.

>(I've never seen a relative path to a database in examples)?

Actually they're *all* relative, but it doesn't look like it, because all the files are local to the same folder, so the relative path is simply the filename.

Grant Hulbert, V.P. Engineering  | ==== eCommerce for the Rest of Us ====
Pacific Coast Software           | WebCatalog, WebMerchant,
11770 Bernardo Plaza Court       | SiteEdit Pro, PhotoMaster,
San Diego, CA 92128              | Typhoon
619/675-1106 Fax: 619/675-0372   | http://www.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Paths, relative paths, webstar server setup and security (Mac) (Sandra L. Pitner 1997)
  2. Re: Paths, relative paths, webstar server setup and security (Mac) (Sandra L. Pitner 1997)
  3. Re: Paths, relative paths, webstar server setup and security (Mac) (Grant Hulbert 1997)
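
The path rules and the viewing-extension allow-list described in the message above can be modelled as follows. This is an added example, not part of the original message and not WebCatalog code: the function names `resolve` and `may_display`, the sample paths, and the choice to reject references that climb above the server root are assumptions made for this sketch.

```python
import posixpath

# Assumption: only templates may be displayed, mirroring the ".tmpl"
# viewing-extension preference named in the message.
VIEWABLE_EXTENSIONS = {".tmpl"}


def resolve(template_url_path, ref):
    """Resolve `ref` as the message describes: a leading "/" starts at the
    web-server root, anything else is relative to the template's folder.

    Returns a normalized root-relative path, or None when the reference
    climbs above the root (rejecting that is this sketch's choice).
    """
    if ref.startswith("/"):
        candidate = ref
    else:
        candidate = posixpath.join(posixpath.dirname(template_url_path), ref)
    depth = 0
    for part in candidate.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return None  # would leave the server hierarchy
        else:
            depth += 1
    return posixpath.normpath("/" + candidate.lstrip("/"))


def may_display(template_url_path, ref):
    """Return the resolved path if it may be shown as a page, else None."""
    resolved = resolve(template_url_path, ref)
    if resolved is None:
        return None
    ext = posixpath.splitext(resolved)[1].lower()
    return resolved if ext in VIEWABLE_EXTENSIONS else None


if __name__ == "__main__":
    template = "/store/catalog/page.tmpl"  # constructed sample path
    for ref in ("/globals/header.inc", "../header.inc", "LocalFolder/xx.db",
                "../../../items.db", "items.db", "other.tmpl"):
        print(ref, "->", resolve(template, ref), "| display:",
              may_display(template, ref))
```
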
