Re: why am I getting an authenticate dialog with no [protect]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36095
interpreted = N
texte = > on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote: > >> No, that's not the issue. I'm actually passing an Append command to the db, >> and I didn't have Append in the list of allowed non-admin commands, as Chris >> Allman suggest. I added Append to that list and the problem is now solved!> You may want to seriously reconsider this issue. By opening up Append to > non-admin users you are opening up a huge security hole. Now, anyone with a > little knowledge of WebDNA can input Append command strings that would wreak > havoc on your system. > > The answer to this problem is to NOT open up destructive commands to > non-admin users. ALWAYS use contexts instead of commands whenever possible. > See the list archive for exhaustive coverage of all this.Hmmm... I was mistakenly thinking it only allowed it on the one db, but that's a global security setting. I think I'm going to have to re-code those couple of pages to avoid that.Thanks to everyone for the reminders.Cheers, Steve ------------------------------------------------ Steven Jarvis Web Developer sjarvis@nwaonline.netMorning News of Northwest Arkansas http://www.nwaonline.net ------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  2. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  3. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  4. Re: why am I getting an authenticate dialog with no [protect]? (Peter Ostry 2000)
  5. Re: why am I getting an authenticate dialog with no [protect]? (Marty Schmid 2000)
  6. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  7. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  8. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  9. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  10. Re: why am I getting an authenticate dialog with no [protect]? (Chris Allman 2000)
  11. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  12. Re: why am I getting an authenticate dialog with no [protect]? (Joseph D'Andrea 2000)
  13. why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
> on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote: > >> No, that's not the issue. I'm actually passing an Append command to the db, >> and I didn't have Append in the list of allowed non-admin commands, as Chris >> Allman suggest. I added Append to that list and the problem is now solved!> You may want to seriously reconsider this issue. By opening up Append to > non-admin users you are opening up a huge security hole. Now, anyone with a > little knowledge of WebDNA can input Append command strings that would wreak > havoc on your system. > > The answer to this problem is to NOT open up destructive commands to > non-admin users. ALWAYS use contexts instead of commands whenever possible. > See the list archive for exhaustive coverage of all this.Hmmm... I was mistakenly thinking it only allowed it on the one db, but that's a global security setting. I think I'm going to have to re-code those couple of pages to avoid that.Thanks to everyone for the reminders.Cheers, Steve ------------------------------------------------ Steven Jarvis Web Developer sjarvis@nwaonline.netMorning News of Northwest Arkansas http://www.nwaonline.net ------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Steven Jarvis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Problems getting parameters passed into email. (1997) Nesting FoundItem Context (1997) Problem with encrypted cookies (2000) PIXO support (1997) Problems appending to database (1997) Emailer problems addition (1999) Grep to strip junk from emails? (2004) Migrating to NT (1997) all records returned. (1997) Securing/hiding database file (2000) Converting spaces to + in results list (SOLVED) (2000) Multi-processor Mac info ... (1997) Uh...can someone help me out with the b10? (1997) Unexpected error (1997) [WebDNA] WebDNA with Virtual Hosts (2010) [WebDNA] WebDNA & VPS (2009) ShowNext Command (1997) [WriteFile] problems (1997) WebCatalog Features (1997) multi-paragraph fields (1997)