Re: protect tag on NT IIS

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 14745
interpreted = N
texte = >>Whether or not your pages are protected with a [protect] tag has >>nothing to do with WebCat's CommandSecurity and CommandsAllowed >>prefs. Pages protected with the [protect] tag only check the users.db >>for an acceptable username/password based on the group named in the >>protect tag. > >This is what I thought. But when I use $append within a form on a page >that is [protect]ed, webcat throws up the IIS-forms based page asking for >my username and password. No matter what I type in, the page does NOT >pass this protection. Then only way I got it to append was to (1) change >the preferences to allow for anonymous appends which I don't like and (2) >use the [append] context. > >My question is: Can I use the NT version with IIS and use a form based >append command on a [protect]ed page without adding append to my webcat >preferences for anonymous access? It seems to me that using forms based >append is not anonymous and is coming from the tpl file, not a URL. Is >this an IIS thing?Basically, WebCat sees no difference in getting a command from a URL or from a form. Because of this, you must enable the append command in the prefs if you want to use an append command from either a form or a hyperlink. Unless ...I seem to recall a *possible* way around this, and I have no idea whether my memory is correct on this point or not, but:You may NOT have to enable the append command in your prefs, provided the username and password values entered into the IIS-forms based page have ADMIN access. To test this theory, try entering the username and password of someone in the admin group when that form pops up, and maybe your append will work.If it does, at least you'll know that only those with admin access will be able to append from your form. That may not be what you really want, but you can always deal with this simply by putting your append into a context instead. Contexts are more secure anyways ... :)Sincerely, Ken Grome WebDNA Solutions http://www.smithmicro.com/webdnasolutions/. Associated Messages, from the most recent to the oldest:

    
  1. Re: protect tag on NT IIS (Olin 1997)
  2. Re: protect tag on NT IIS (Grant Hulbert 1997)
  3. Re: protect tag on NT IIS (Kenneth Grome 1997)
  4. Re: protect tag on NT IIS (Olin 1997)
  5. Re: protect tag on NT IIS (Kenneth Grome 1997)
  6. Re: protect tag on NT IIS (Olin 1997)
  7. Re: protect tag on NT IIS (Kenneth Grome 1997)
  8. protect tag on NT IIS (Olin 1997)
>>Whether or not your pages are protected with a [protect] tag has >>nothing to do with WebCat's CommandSecurity and CommandsAllowed >>prefs. Pages protected with the [protect] tag only check the users.db >>for an acceptable username/password based on the group named in the >>protect tag. > >This is what I thought. But when I use $append within a form on a page >that is [protect]ed, webcat throws up the IIS-forms based page asking for >my username and password. No matter what I type in, the page does NOT >pass this protection. Then only way I got it to append was to (1) change >the preferences to allow for anonymous appends which I don't like and (2) >use the [append] context. > >My question is: Can I use the NT version with IIS and use a form based >append command on a [protect]ed page without adding append to my webcat >preferences for anonymous access? It seems to me that using forms based >append is not anonymous and is coming from the tpl file, not a URL. Is >this an IIS thing?Basically, WebCat sees no difference in getting a command from a URL or from a form. Because of this, you must enable the append command in the prefs if you want to use an append command from either a form or a hyperlink. Unless ...I seem to recall a *possible* way around this, and I have no idea whether my memory is correct on this point or not, but:You may NOT have to enable the append command in your prefs, provided the username and password values entered into the IIS-forms based page have ADMIN access. To test this theory, try entering the username and password of someone in the admin group when that form pops up, and maybe your append will work.If it does, at least you'll know that only those with admin access will be able to append from your form. That may not be what you really want, but you can always deal with this simply by putting your append into a context instead. Contexts are more secure anyways ... :)Sincerely, Ken Grome WebDNA Solutions http://www.smithmicro.com/webdnasolutions/. Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Urgent help needed (1998) Search in 2 or more catalogs (1997) Converting order file to database (1998) [FoundItems] solved - thanks (1997) Showif -what am I missing??? (1999) Searching an Email database (1997) WC2f3 (1997) Protect and Serve (1999) Requiring that certain fields be completed (1997) When do we get to request new features? (1999) Re:Emailer tracking (1997) Multiple cart additions (1997) Quitting WebMerchant ? (1997) WebCat b13 CGI -shownext- (1997) Separate SSL Server (1997) [shownext] (2002) getchars broken? (1997) NT vs Mac (1997) WebCatalog Mac and cgi-bin (WebSTAR 2.0) (1997) math on date? (1997)