Re: WebCat2 beta 11 - new prefs ...

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 10337
interpreted = N
texte = >I assume that CommandSecurity also controls all the other commands too? OR >does this one deal only with the Append command?It controls all commands. Append was just example. Look at the preferences that ship with b11 for our recommended setup.>If it controls all commands, then setting CommandSecurity to T >effectively eliminates everyone but me from appending, replacing, and >deleting even if they enter the username and password that appears in the >record they are trying to append, replace, or delete - is this correct? > >I don't want that on my site, so I think I need to set CommandSecurity to >F ...No, we designed this feature just for you, so you're required to use it even if no one else does ;)Your setting should be CommandSecurity=T, CommandsAllowed=Replace, Delete, Search, ShowPage, etc. Notice the absence of Append from this list. This means remote unauthorized people cannot $Append to your databases with a URL. KEY CONCEPT: When you want anonymous people to Append to your databases, do it with an embedded [Append] context on a page that has [protect] of some kind on it. The preference only affects $Command, not embedded contexts.Ther idea here is that you can still achieve anonymous Appends using embedded [Append] contexts in a page...but now you have more control over it because you decide which databases get appended to. The only problem with $Append commands is that someone can homebrew a URL that appends records to any database of their choosing...not possible when you use embedded appends.Grant Hulbert, V.P. Engineering | Tools for WebWarriors Pacific Coast Software | WebCatalog, WebCommerce Solution 11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMaster San Diego, CA 92128 | 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com Associated Messages, from the most recent to the oldest:

    
  1. Re: WebCat2 beta 11 - new prefs ... (Grant Hulbert 1997)
  2. Re: WebCat2 beta 11 - new prefs ... (Kenneth Grome 1997)
  3. Re: WebCat2 beta 11 - new prefs ... (Kenneth Grome 1997)
  4. Re: WebCat2 beta 11 - new prefs ... (Grant Hulbert 1997)
  5. WebCat2 beta 11 - new prefs ... (Kenneth Grome 1997)
>I assume that CommandSecurity also controls all the other commands too? OR >does this one deal only with the Append command?It controls all commands. Append was just example. Look at the preferences that ship with b11 for our recommended setup.>If it controls all commands, then setting CommandSecurity to T >effectively eliminates everyone but me from appending, replacing, and >deleting even if they enter the username and password that appears in the >record they are trying to append, replace, or delete - is this correct? > >I don't want that on my site, so I think I need to set CommandSecurity to >F ...No, we designed this feature just for you, so you're required to use it even if no one else does ;)Your setting should be CommandSecurity=T, CommandsAllowed=Replace, Delete, Search, ShowPage, etc. Notice the absence of Append from this list. This means remote unauthorized people cannot $Append to your databases with a URL. KEY CONCEPT: When you want anonymous people to Append to your databases, do it with an embedded [append] context on a page that has [protect] of some kind on it. The preference only affects $Command, not embedded contexts.Ther idea here is that you can still achieve anonymous Appends using embedded [append] contexts in a page...but now you have more control over it because you decide which databases get appended to. The only problem with $Append commands is that someone can homebrew a URL that appends records to any database of their choosing...not possible when you use embedded appends.Grant Hulbert, V.P. Engineering | Tools for WebWarriors Pacific Coast Software | WebCatalog, WebCommerce Solution 11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMaster San Diego, CA 92128 | 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com Grant Hulbert

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Thanks ! (1997) [WebDNA] Is a '.webdna' suffix better? (2008) Pithy questions on webcommerce & siteedit (1997) SIMS setup (1998) Cart Numbers (1997) WebCat2 - Getting to the browser's username/password data (1997) Protect (1997) cart file creation (2003) Re:Emailer Error Question (1998) One more time (1997) Friday night shopping site joke (1997) Follow-Up to: Removing [showif] makes a big difference in speed (1997) Upgrade to wsV (2004) Getting Total Quantity (1997) WCS Newbie question (1997) this works sometimes and sometimes not (1997) 2.1 pricing? (1998) Help name our technology! (1997) Robert Minor duplicate mail (1997) # fields limited? (1997)