Re: Limiting user access to .tmpl files

This WebDNA talk-list message is from 1997. It keeps the original formatting.
>From: Kenneth Grome
>Subject: Re: Limiting user access to .tmpl files
>
>>I am new to WebCatalog, and need some clarification on user access. It
>>seems to me that if I have ANY customer write-access to my site at all,
>>the customer can upload a .tmpl file and then run it. They would be able
>>to do any WebDNA actions at all, eg changing a database that is not in
>>their realm.
>>
>>Am I missing something?
>
>Yes, you are missing something.
>
>In the docs, and also in the admin interface, it explains that you can use
>WebCatalog folder hierarchy security to keep WebCat2 from processing any
>files outside the WebCatalog folder hierarchy. Therefore, if you must allow
>FTP access to your site, just don't allow FTP access to your WebCat
>folders, and you will NEVER have a security problem like the one you're
>imagining.
>
>WebCat2 will NOT serve files outside the WebCat2 folder hierarchy unless
>you set the prefs to allow it to do so ... :)
>
>Sincerely, Ken Grome
>WebDNA Solutions

Well, I'm still missing it. Clarification: I'm using an evaluation of WebCat plugin version 2.0, don't know if that's different. I've been all through the documentation, RTFM all weekend and for the last two hours, and I can't find any reference to folder hierarchy security. The admin web pages don't mention it either. The only thing I can see is the preference setting for the Web server folder.

My site can definitely serve .tmpl files outside of the WebCat folder. How can I change it?

Puzzled. Different docs? Mine are: Webcatalog Manual.pdf, 9/6/97; /webcatalog/admin/index.tmpl -> AdminPrefs.tmpl.

Regards
ThomasWB

Thomas Wedderburn-Bisshop
Development Manager
Woomera Net Solutions

Associated Messages, from the most recent to the oldest:

    
  1. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  2. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  3. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  4. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  5. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  6. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  7. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  8. Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
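
The two controls discussed in this thread (interpret templates only inside a trusted folder hierarchy, and keep upload access out of that hierarchy) can be checked as shown in this added example, which is not part of the original messages and is not WebCatalog's own code. The directory layout, file names and function names are assumptions, and the sample site is constructed in a temporary directory.

```python
import os
import tempfile

def is_inside(root, candidate):
    """True if candidate resolves to root or below it ('..' and symlinks resolved)."""
    root, candidate = os.path.realpath(root), os.path.realpath(candidate)
    return os.path.commonpath([root, candidate]) == root

def may_process(template_root, requested):
    """Interpret a .tmpl file only when it really lives in the template hierarchy."""
    return requested.lower().endswith(".tmpl") and is_inside(template_root, requested)

def overlapping_upload_dirs(template_root, upload_dirs):
    """Upload-writable directories that sit inside the template hierarchy or contain it."""
    return [d for d in upload_dirs
            if is_inside(template_root, d) or is_inside(d, template_root)]

def build_sample_site():
    """Constructed layout: template tree, customer upload area, symlink between them."""
    site = tempfile.mkdtemp()
    root = os.path.join(site, "webcatalog")        # hypothetical template hierarchy
    uploads = os.path.join(site, "customers", "acme")  # hypothetical FTP-writable area
    os.makedirs(os.path.join(root, "admin"))
    os.makedirs(os.path.join(root, "shop", "images"))
    os.makedirs(uploads)
    for path in (os.path.join(root, "admin", "index.tmpl"),
                 os.path.join(uploads, "uploaded.tmpl")):
        with open(path, "w") as fh:
            fh.write("placeholder\n")
    # A link inside the template tree that points at the upload area.
    os.symlink(uploads, os.path.join(root, "incoming"))
    return site, root, uploads

if __name__ == "__main__":
    site, root, uploads = build_sample_site()
    for req in (os.path.join(root, "admin", "index.tmpl"),
                os.path.join(uploads, "uploaded.tmpl"),
                os.path.join(root, "..", "customers", "acme", "uploaded.tmpl"),
                os.path.join(root, "incoming", "uploaded.tmpl")):
        print("process" if may_process(root, req) else "refuse ", req)
    writable = [uploads, os.path.join(root, "shop", "images"), site]
    print("overlaps:", overlapping_upload_dirs(root, writable))
```

The symlink case is the one a plain string-prefix comparison misses: the requested path starts with the template root but resolves into the upload area, so it is refused.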