Re: why am I getting an authenticate dialog with no [protect]?
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 36095
interpreted = N
texte =

> on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote:
>
>> No, that's not the issue. I'm actually passing an Append command to the db,
>> and I didn't have Append in the list of allowed non-admin commands, as Chris
>> Allman suggested. I added Append to that list and the problem is now solved!
>
> You may want to seriously reconsider this issue. By opening up Append to
> non-admin users you are opening up a huge security hole. Now, anyone with a
> little knowledge of WebDNA can input Append command strings that would wreak
> havoc on your system.
>
> The answer to this problem is to NOT open up destructive commands to
> non-admin users. ALWAYS use contexts instead of commands whenever possible.
> See the list archive for exhaustive coverage of all this.

Hmmm... I was mistakenly thinking it only allowed it on the one db, but
that's a global security setting. I think I'm going to have to re-code those
couple of pages to avoid that.

Thanks to everyone for the reminders.

Cheers,
Steve

------------------------------------------------
Steven Jarvis
Web Developer
sjarvis@nwaonline.net
Morning News of Northwest Arkansas
http://www.nwaonline.net
------------------------------------------------