Re: Limiting user access to .tmpl files

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 11905
interpreted = N
texte = >I am new to WebCatalog, and need some clarification on user access. It >seems to me that if I have ANY customer write-access to my site at all, >the customer can upload a .tmpl file and then run it. They would be able >to do any WebDNA actions at all, eg changing a database that is not in >their realm. > >Am I missing something?Yes, you are missing something.In the docs, and also in the admin interface, it explains that you can use WebCatalog folder hierarchy security to keep WebCat2 from processing any files outside the WebCatalog folder hierarchy. Therefore, if you must allow FTP access to your site, just don't allow FTP access to your WebCat folders, and you will NEVER have a security problem like the one you're imagining.WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless you set the prefs to allow it to do so ... :)Sincerely, Ken Grome WebDNA Solutions Associated Messages, from the most recent to the oldest:

    
  1. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  2. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  3. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  4. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  5. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  6. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  7. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  8. Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
>I am new to WebCatalog, and need some clarification on user access. It >seems to me that if I have ANY customer write-access to my site at all, >the customer can upload a .tmpl file and then run it. They would be able >to do any WebDNA actions at all, eg changing a database that is not in >their realm. > >Am I missing something?Yes, you are missing something.In the docs, and also in the admin interface, it explains that you can use WebCatalog folder hierarchy security to keep WebCat2 from processing any files outside the WebCatalog folder hierarchy. Therefore, if you must allow FTP access to your site, just don't allow FTP access to your WebCat folders, and you will NEVER have a security problem like the one you're imagining.WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless you set the prefs to allow it to do so ... :)Sincerely, Ken Grome WebDNA Solutions Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[setlineitem] unable to set sku? (1999) WebCatalog2 Feature Feedback (1996) Search all Fields in a db (1997) Serving Images from SSL (was NT vs Mac) (1997) AAAH: stupid sendmail (2001) Progress !! WAS: Trouble with formula.db (1997) Installer AppleScript (2000) 2nd WebCatalog2 Feature Request (1996) Text data with spaces in them... (1997) URL for Discussion Archive (1997) Thanks ! (1997) WebCat2_Mac RETURNs in .db (1997) problems with 2 tags shakur (1997) Trouble with formula.db + more explanation (1997) Attention SM: Trigger Bug? (2000) Adding extra coding on the fly? (2005) Major Security Hole (1998) show all problem (1997) plugin-acgi, different results (1997) default value from Lookup (was Grant, please help me) (1997)