Re: Limiting user access to .tmpl files
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 11909
interpreted = N
texte = >From: Kenneth Grome
>Subject: Re: Limiting user access to .tmpl files
>
>>I am new to WebCatalog, and need some clarification on user access. It
>>seems to me that if I have ANY customer write-access to my site at all,
>>the customer can upload a .tmpl file and then run it. They would be able
>>to do any WebDNA actions at all, eg changing a database that is not in
>>their realm.
>>
>>Am I missing something?
>
>Yes, you are missing something.
>
>In the docs, and also in the admin interface, it explains that you can use
>WebCatalog folder hierarchy security to keep WebCat2 from processing any
>files outside the WebCatalog folder hierarchy. Therefore, if you must allow
>FTP access to your site, just don't allow FTP access to your WebCat
>folders, and you will NEVER have a security problem like the one you're
>imagining.
>
>WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless
>you set the prefs to allow it to do so ... :)
>
>Sincerely, Ken Grome
>WebDNA Solutions

Well, I'm still missing it. Clarification: I'm using an evaluation of WebCat plugin version 2.0, don't know if that's different. I've been all through the documentation, RTFM all weekend and for the last two hours, and I can't find any reference to folder hierarchy security. The admin web pages don't mention it either. The only thing I can see is the preference setting for the Web server folder.

My site can definitely serve .tmpl files outside of the WebCat folder. How can I change it?

Puzzled. Different docs? Mine are: Webcatalog Manual.pdf, 9/6/97; /webcatalog/admin/index.tmpl -> AdminPrefs.tmpl.

Regards
ThomasWB

Thomas Wedderburn-Bisshop
Development Manager
Woomera Net Solutions
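
Added example (not part of the original messages, and not WebCatalog code): a Python audit for the situation discussed in this thread. It lists .tmpl files that sit outside the template folder hierarchy or inside customer-writable folders, and upload folders that overlap the hierarchy. Apart from /webcatalog/admin/index.tmpl, the folder names, function names and sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

def is_inside(path, root):
    """True if path resolves to root or below it ('..' and symlinks resolved)."""
    try:
        Path(path).resolve().relative_to(Path(root).resolve())
        return True
    except ValueError:
        return False

def audit(web_root, template_root, writable_dirs, ext=".tmpl"):
    """Report template files and upload folders that break the folder-hierarchy rule."""
    web_root = Path(web_root)
    outside, in_writable, overlap = [], [], []
    # An upload folder inside the template hierarchy (or containing it)
    # defeats the restriction, whatever the server preference says.
    for d in writable_dirs:
        if is_inside(d, template_root) or is_inside(template_root, d):
            overlap.append(str(d))
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if not name.lower().endswith(ext):
                continue
            f = Path(dirpath) / name
            rel = f.relative_to(web_root).as_posix()
            if not is_inside(f, template_root):
                outside.append(rel)      # harmless only if the server refuses to process it
            if any(is_inside(f, d) for d in writable_dirs):
                in_writable.append(rel)  # a customer could have uploaded or replaced it
    return {"outside_hierarchy": sorted(outside),
            "in_writable_dir": sorted(in_writable),
            "writable_overlap": sorted(overlap)}

def build_sample_site(base):
    """Constructed sample layout; only webcatalog/admin/index.tmpl is named on the page."""
    base = Path(base)
    for rel in ("webcatalog/admin/index.tmpl",
                "customers/acme/upload.tmpl",   # hypothetical customer upload
                "customers/acme/index.html"):
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("sample\n")
    return base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        site = build_sample_site(tmp)
        print(audit(site, site / "webcatalog", [site / "customers" / "acme"]))
```

A non-empty "outside_hierarchy" list is only a finding if the server is set to process templates outside the hierarchy; a non-empty "writable_overlap" list is a finding regardless of that setting.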