Webcat Security

This WebDNA talk-list message is from 1998. It keeps the original formatting.
numero = 15941
interpreted = N
texte = I am running webcat on an NT running IIS, as well as a couple of macs. But my big concern at the moment is my NT site. It is a rather large commercial site. I am nearing completion and would like to tighten down on my security issues.

Overall site usage is as such. Approximately 25,000 authenticated members (expandable to hundreds of thousands) have read-only access to a searchable database, let's call it lakes.db. We also have another 100 authenticated IPs (expandable up to thousands), or information providers; they have append, replace, read access to the lakes.db. Then I have the site owners, or elite users; there are 2 of them, and they have append, replace, delete privileges to the lakes.db as well as other databases handling information about the members and IPs, including editing all users from the users.db who belong to their groups, either ffip or ffmb.

I had to add the 2 site owners to the admin group for them to be able to edit the users.db (was this necessary?), or can I just pass an admin name and password as a variable in a contextual append/delete? Additionally I had to turn on allow all commands, ooh scary.

Now my concerns: were my actions necessary based on this setup? How can I improve my security? Based on the allow all commands, couldn't someone with a little bit of knowledge just start deleting records? I.e. turn the command=search in the URL to command=delete?

I know the new version supports [encrypt] [decrypt]. How can this help me with in-the-clear passwords and usernames?

Some of this information can affect how and what I do on my macs, so any bits of cross-platform information would be helpful. Plain English as well as WebDNA is appreciated. Maybe even more. I am running the latest beta version on the NT btw.

Robert Minor
______________________________________
Cybermill Communications
8616 Joseph Ave.
St. Louis, MO 63144
(314) 962-4024
webmaster@cybermill.com
http://www.cybermill.com
______________________________________
Always looking for the easy way!
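The concern in the message, a visitor editing command=search to command=delete in the URL, comes down to where the permission decision is made. The sketch below is an added example, not part of the original message and not WebCatalog's own mechanism: it decides each request from the authenticated session's group rather than from anything in the URL. The `db` parameter name, the `owner` group name and the sample URLs are assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed policy mirroring the roles in the message. "owner" is a
# hypothetical group name for the two site owners; deny is the default.
POLICY = {
    ("ffmb", "lakes.db"): {"search"},
    ("ffip", "lakes.db"): {"search", "append", "replace"},
    ("owner", "lakes.db"): {"search", "append", "replace", "delete"},
    ("owner", "users.db"): {"search", "append", "replace", "delete"},
}
# Owners may change users.db records only for users in these groups.
OWNER_EDITABLE = {"ffip", "ffmb"}


def authorize(session_group, url, target_group=None):
    """Return (allowed, reason) for a request URL.

    session_group comes from the authenticated server-side session, never
    from the URL; target_group is the group of the users.db record touched.
    """
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    commands = params.get("command", [])
    dbs = params.get("db", [])  # "db" parameter name is an assumption
    # Require exactly one of each: repeated parameters are rejected outright.
    if len(commands) != 1 or len(dbs) != 1:
        return False, "malformed request"
    command = commands[0].strip().lower()
    db = dbs[0].strip().lower()
    if command not in POLICY.get((session_group, db), set()):
        return False, f"{session_group} may not {command} on {db}"
    if db == "users.db" and command != "search" and target_group not in OWNER_EDITABLE:
        return False, "target user is outside ffip/ffmb"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: (session group, URL, target record group)
    samples = [
        ("ffmb", "/lakes.tpl?command=search&db=lakes.db&name=Tahoe", None),
        ("ffmb", "/lakes.tpl?command=delete&db=lakes.db&name=Tahoe", None),
        ("ffmb", "/lakes.tpl?command=delete&db=lakes.db&group=owner", None),
        ("owner", "/lakes.tpl?command=search&command=delete&db=lakes.db", None),
        ("owner", "/users.tpl?command=delete&db=users.db&user=x", "admin"),
        ("owner", "/users.tpl?command=replace&db=users.db&user=x", "ffip"),
    ]
    for group, url, target in samples:
        print(group, url, authorize(group, url, target))
```

With this shape, a member's edited URL is refused because the member group has no delete entry, and an owner's change to users.db is refused when the target record belongs to a group other than ffip or ffmb.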
Associated Messages, from the most recent to the oldest:

    
  1. Webcat Security (bob 1998)
