Re: Limiting user access to .tmpl files

This WebDNA talk-list message is from 1997. It keeps the original formatting.
>I am new to WebCatalog, and need some clarification on user access. It
>seems to me that if I have ANY customer write-access to my site at all,
>the customer can upload a .tmpl file and then run it. They would be able
>to do any WebDNA actions at all, eg changing a database that is not in
>their realm.
>
>Am I missing something?

Yes, you are missing something.

In the docs, and also in the admin interface, it explains that you can use WebCatalog folder hierarchy security to keep WebCat2 from processing any files outside the WebCatalog folder hierarchy. Therefore, if you must allow FTP access to your site, just don't allow FTP access to your WebCat folders, and you will NEVER have a security problem like the one you're imagining.

WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless you set the prefs to allow it to do so ... :)

Sincerely,
Ken Grome
WebDNA Solutions

Associated Messages, from the most recent to the oldest:

    
  1. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  2. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  3. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  4. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  5. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  6. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  7. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  8. Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
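
The separation the reply relies on (FTP-writable directories kept apart from the folder hierarchy where templates are processed) can be checked mechanically. The following is an added example, not part of the original message and not WebDNA's own code; the directory names are hypothetical and the layout is constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


def overlaps(template_root, writable_dirs):
    """Return the writable dirs that overlap the template-processing root.

    A directory overlaps when, after resolving symlinks and "..", it is the
    root itself, lies inside it, or contains it.
    """
    root = Path(template_root).resolve()
    flagged = []
    for d in writable_dirs:
        real = Path(d).resolve()
        if real == root or root in real.parents or real in root.parents:
            flagged.append(str(d))
    return flagged


def build_sample_layout(base):
    """Constructed sample layout (hypothetical names, not WebCatalog defaults)."""
    base = Path(base)
    for rel in ("site/WebCatalog/store", "site/uploads/customer1", "site/images"):
        (base / rel).mkdir(parents=True)
    # A link in the upload area that resolves into the template tree.
    os.symlink(base / "site/WebCatalog/store", base / "site/uploads/shortcut")
    return base / "site"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_layout(tmp)
        ftp_dirs = [site / "uploads/customer1", site / "uploads/shortcut",
                    site / "images", site]
        for bad in overlaps(site / "WebCatalog", ftp_dirs):
            print("FTP-writable path overlaps template root:", bad)
```

Comparing resolved paths rather than path strings is what catches the `shortcut` entry and the case where the FTP root is a parent of the template folder.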