Re: [replace] has protection feature like [delete]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31540
interpreted = N
texte = If you let me admin my own record in the users.db, I can add any group I want to my own 'groups' field, then I can access all [protect]ed pages on the entire site -- whether or not that's what you wanted me to be able to do.The old username/password field stuff is a hold-over from webcat 1.6, and it's no longer considered the best way to secure your db's by any means ... I'm surprised that code was never removed from webcatalog a long time ago ... >otherwise how does one allow differing levels of administrators to >[replace] *only* >their alloted records in a db which is accessed by ALL level of admin? > (ie. prevent them from editing records that do not belong to their >authenticate group?) > >-John > >John Butler wrote: > >> [DELETE db=DatabasePath&eqNAMEdata=Fred] >> ... Note: if the database has username and password fields, then >>the records will not >> be deleted unless the visitor's web browser username/password >>match the record's >> username/password. >> >> is this behaviour also true for the [replace] context? There is >>no mention of it in >> the docs, but it would be nice to have that option so I ask... >> >> -John >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: [replace] has protection feature like [delete]? (John Butler 2000)
  2. Re: [replace] has protection feature like [delete]? (WebDNA Support 2000)
  3. Re: [replace] has protection feature like [delete]? (John Butler 2000)
  4. Re: [replace] has protection feature like [delete]? (Kenneth Grome 2000)
  5. [replace] has protection feature like [delete]? (John Butler 2000)
If you let me admin my own record in the users.db, I can add any group I want to my own 'groups' field, then I can access all [protect]ed pages on the entire site -- whether or not that's what you wanted me to be able to do.The old username/password field stuff is a hold-over from webcat 1.6, and it's no longer considered the best way to secure your db's by any means ... I'm surprised that code was never removed from webcatalog a long time ago ... >otherwise how does one allow differing levels of administrators to >[replace] *only* >their alloted records in a db which is accessed by ALL level of admin? > (ie. prevent them from editing records that do not belong to their >authenticate group?) > >-John > >John Butler wrote: > >> [DELETE db=DatabasePath&eqNAMEdata=Fred] >> ... Note: if the database has username and password fields, then >>the records will not >> be deleted unless the visitor's web browser username/password >>match the record's >> username/password. >> >> is this behaviour also true for the [replace] context? There is >>no mention of it in >> the docs, but it would be nice to have that option so I ask... >> >> -John >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

https validation (2001) Fax Broadcast (1998) Multithreading of [replace] (1999) calculating tax rates, mail order solutions and version 2 (1997) [WebDNA] Problems with WebCatalogCtl command (2009) [append] (1998) question: search return in order (1997) Date range (2006) Thanks and Big News!!! (1997) Math variable size-dumb question (1999) Separate SSL Server (1997) SiteGuard Admin Feature ? (1997) RE: [WebDNA] Dreamweaver Tag Libraries and Snippets (2011) WebCat2b12--[searchstring] bug (1997) error -108 (1997) RE: Error: template (1997) What am I missing (1997) Hiding usernames and passwords in URL (1998) No spaces allowed in text variable names ... ? (2002) functions... (2005)