Re: Limiting user access to .tmpl files

This WebDNA talk-list message is from 1997. It keeps the original formatting.
>I am new to WebCatalog, and need some clarification on user access. It
>seems to me that if I have ANY customer write-access to my site at all,
>the customer can upload a .tmpl file and then run it. They would be able
>to do any WebDNA actions at all, eg changing a database that is not in
>their realm.
>
>Am I missing something?

Yes, you are missing something.

In the docs, and also in the admin interface, it explains that you can use WebCatalog folder hierarchy security to keep WebCat2 from processing any files outside the WebCatalog folder hierarchy. Therefore, if you must allow FTP access to your site, just don't allow FTP access to your WebCat folders, and you will NEVER have a security problem like the one you're imagining.

WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless you set the prefs to allow it to do so ... :)

Sincerely,
Ken Grome
WebDNA Solutions

Associated Messages, from the most recent to the oldest:

    
  1. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  2. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  3. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  4. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  5. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  6. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  7. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  8. Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
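
The confinement described in the reply above, sketched as an added Python example (not WebCatalog's own code and not part of the original message): a template processor that interprets a `.tmpl` file only when its resolved path lies inside one folder hierarchy, while the FTP-writable folder sits outside it. The folder names, `is_inside`, `may_process` and the file layout are hypothetical and constructed for the demonstration; a POSIX filesystem with symlink support is assumed.

```python
import os
import tempfile

def is_inside(root: str, candidate: str) -> bool:
    """True only if candidate, with '..' and symlinks resolved, lies under root."""
    root_real = os.path.realpath(root)
    cand_real = os.path.realpath(candidate)
    # commonpath compares whole components, so the sibling folder
    # 'WebCatalog-uploads' is not mistaken for a child of 'WebCatalog'.
    return os.path.commonpath([root_real, cand_real]) == root_real

def may_process(root: str, requested: str) -> bool:
    """Should a template engine confined to root interpret this request?"""
    path = os.path.join(root, requested)  # an absolute request replaces root here
    return (requested.endswith(".tmpl")
            and is_inside(root, path)
            and os.path.isfile(path))

def demo() -> dict:
    """Build a constructed site layout and return the decision per request."""
    site = tempfile.mkdtemp()
    root = os.path.join(site, "WebCatalog")             # processed, no FTP access
    uploads = os.path.join(site, "WebCatalog-uploads")  # FTP-writable, outside root
    os.makedirs(os.path.join(root, "store"))
    os.makedirs(uploads)
    uploaded = os.path.join(uploads, "customer.tmpl")
    for p in (os.path.join(root, "store", "catalog.tmpl"), uploaded):
        with open(p, "w") as f:
            f.write("constructed sample\n")
    # A link inside the hierarchy that points out of it must not widen it.
    os.symlink(uploads, os.path.join(root, "store", "shared"))
    requests = {
        "own template": "store/catalog.tmpl",
        "dot-dot to uploads": "../WebCatalog-uploads/customer.tmpl",
        "symlink to uploads": "store/shared/customer.tmpl",
        "absolute path": uploaded,
    }
    return {label: may_process(root, req) for label, req in requests.items()}

if __name__ == "__main__":
    for label, allowed in demo().items():
        print(f"{label:20} -> {'process' if allowed else 'refuse'}")
```

A plain string-prefix comparison would accept the `WebCatalog-uploads` sibling because its path begins with the root's path, which is why the check compares resolved path components instead.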
