Re: Protect
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 14263
interpreted = N
texte = At 09:36 AM 10/29/97 -0800, you wrote:>>>So I want them to only be able to interact >>>with their own templates and databases in their directory.>>>>Anyone who has rights to change a template can create WebDNA that does >>lots of nasty things, roughly analogous to someone who has rights to >>upload a CGI. The best protection you have is to give vendors an >>administrative interface to modify their databases via forms, but don't >>let them change template files.>>>>Grant Hulbert, V.P. Engineering | ==== eCommerce for the Rest of Us====>>Pacific Coast Software | WebCatalog, WebMerchant>>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster>>San Diego, CA 92128 | SiteGuard>>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com>>>>>>>This is exactly what I thought. I don't think some of the others see the >ramifications with this. I have a couple of companies that do web design >in webcatalog. I am teaching them the basics. Being a programmer from way >back I seen the problem right away and wanted to protect it. Now that I >know I can't I will have to use other threats to them. Like crash >something and it costs you $25. So make sure your code is good and non >malicious.Considering your concern I would recomend giving them the best trainingpossible to ensure the security of your system. Ray
Associated Messages, from the most recent to the oldest:
At 09:36 AM 10/29/97 -0800, you wrote:>>>So I want them to only be able to interact >>>with their own templates and databases in their directory.>>>>Anyone who has rights to change a template can create WebDNA that does >>lots of nasty things, roughly analogous to someone who has rights to >>upload a CGI. The best protection you have is to give vendors an >>administrative interface to modify their databases via forms, but don't >>let them change template files.>>>>Grant Hulbert, V.P. Engineering | ==== eCommerce for the Rest of Us====>>Pacific Coast Software | WebCatalog, WebMerchant>>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster>>San Diego, CA 92128 | SiteGuard>>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com>>>>>>>This is exactly what I thought. I don't think some of the others see the >ramifications with this. I have a couple of companies that do web design >in webcatalog. I am teaching them the basics. Being a programmer from way >back I seen the problem right away and wanted to protect it. Now that I >know I can't I will have to use other threats to them. Like crash >something and it costs you $25. So make sure your code is good and non >malicious.Considering your concern I would recomend giving them the best trainingpossible to ensure the security of your system. Ray
Raymond Hatch
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Searching multiple fields (1997)
WC 2.0 frames feature (1997)
pull downs (1997)
HELP! Search finding too much! (1998)
NT or Mac (1997)
Date calculation problems (1997)
Multiple Replaces? (1997)
WebCatalog can't find database (1997)
WebCat2b13 Command Reference Doc error (1997)
(1997)
blank page from template (1997)
Just Testing (1997)
Help! Odd, irreproducible happenings. (1998)
HomePage Caution (1997)
Search inside Include (1998)
Formating found categories (1997)
[WebDNA] webdna.us (2008)
Freeze (2003)
GuestBook example (1997)
Searching multiple fields from one form field (1997)