Re: Protecting databases

This WebDNA talk-list message is from

1999


It keeps the original formatting.
numero = 23888
interpreted = N
texte = Ken,>>I primarily do webhosting for a few friends and and some non-profits and >>small businesses. I would like to let some of these folks use the server >>side capabilities of webcat, but am concerned about letting them have too >>much of the documentation as I am concerned that is could compromise the >>integrity of my databases. > >Your users can get the documentation free at the PCS website, so you >should probably assume that they will eventually know as much as you do >about writing webdna code. Even if they don't know the webdna language >now, they will some day, especially when you start giving them a taste of >what it can do ... :) > >Therefore, I think your major concerns will be whether or not you allow >commands, and whether or not you allow file uploads to your website >hierarchy ...My plan was not to let them use the databases, rather just the server side features within their webpages.>>Is there anyway to protect a database from being modified from any >>templates other than the ones I create? > >No, not unless you do BOTH of the following: > >1- Disable commands (use contexts exclusively instead). >2- Prevent users from uploading files to your website hierarchy. > >#1 is always practical. And while #2 may not seem very practical, it is >absolutely critical!I actually do hosting for them so they (in most cases) are responsible for their own code. One of my concerns was that someone could by mistake mess things up. Since they won't know my database names and can't view my code, I don't think it will be mcuh of a problem.Of course I can always not put my databases in the 'globals' folder and that would make it even harder as they do not have access to the files under my primary domains - only their own.I will probabaly be restrictive as to what docs I give them. Most of the people doing their own code are friends, for a couple others I do the code for them so this is probably not a big concern, but something to keep in the back of my mind.>And if you *ever* allow your clients to send webdna commands such as >'replace' or 'delete' -- or if you let them upload webdna templates >directly to your website hierarchy -- you're asking for a heap of trouble ... > >Sincerely, >Kenneth Grome >WebDNA ConsultantThanks! Associated Messages, from the most recent to the oldest:

    
  1. Re: Protecting databases (webcat 1999)
  2. Re: Protecting databases (Kenneth Grome 1999)
  3. Re: Protecting databases (webcat 1999)
  4. Re: Protecting databases (Kenneth Grome 1999)
  5. Protecting databases (webcat 1999)
Ken,>>I primarily do webhosting for a few friends and and some non-profits and >>small businesses. I would like to let some of these folks use the server >>side capabilities of webcat, but am concerned about letting them have too >>much of the documentation as I am concerned that is could compromise the >>integrity of my databases. > >Your users can get the documentation free at the PCS website, so you >should probably assume that they will eventually know as much as you do >about writing webdna code. Even if they don't know the webdna language >now, they will some day, especially when you start giving them a taste of >what it can do ... :) > >Therefore, I think your major concerns will be whether or not you allow >commands, and whether or not you allow file uploads to your website >hierarchy ...My plan was not to let them use the databases, rather just the server side features within their webpages.>>Is there anyway to protect a database from being modified from any >>templates other than the ones I create? > >No, not unless you do BOTH of the following: > >1- Disable commands (use contexts exclusively instead). >2- Prevent users from uploading files to your website hierarchy. > >#1 is always practical. And while #2 may not seem very practical, it is >absolutely critical!I actually do hosting for them so they (in most cases) are responsible for their own code. One of my concerns was that someone could by mistake mess things up. Since they won't know my database names and can't view my code, I don't think it will be mcuh of a problem.Of course I can always not put my databases in the 'globals' folder and that would make it even harder as they do not have access to the files under my primary domains - only their own.I will probabaly be restrictive as to what docs I give them. Most of the people doing their own code are friends, for a couple others I do the code for them so this is probably not a big concern, but something to keep in the back of my mind.>And if you *ever* allow your clients to send webdna commands such as >'replace' or 'delete' -- or if you let them upload webdna templates >directly to your website hierarchy -- you're asking for a heap of trouble ... > >Sincerely, >Kenneth Grome >WebDNA ConsultantThanks! webcat

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Emailer choke (1997) Type 2 errors with WebCatalog.acgi (1997) Re:quit command on NT (1997) Protecting Realms (1998) virtual domain service (1997) [WebDNA] [OT] htaccess question (2017) Cookies Question (2000) 2nd WebCatalog2 Feature Request (1996) RE: [WebDNA] Foreign characters (2009) (2009) Authorize net down? (2005) Separate SSL Server (1997) Creating folders and deleting files (1997) WebCat2 beta 11 - new prefs ... (1997) Cart Numbers (1997) Copyright ? (1997) [Sum] function? (1997) Dummy Credit Card Number for debug? (1997) Multiple Stores and WebCatalog Prefs (1997) Some Questions (1997) Nav. 4 probs with cart (1997)