Re: Security for malls with different webmasters

This WebDNA talk-list message is from 1998.


>The problem is: Every webmaster has full rights to his directory (to
>update his own sites). This means he could write a template that can
>manipulate the data in the database in another directory/shop, couldn't
>he?

Yes, all the major software vendors (including us) are wrestling with this issue. The solutions right now are more managerial than technical (Don't screw anybody else up, or else you suffer dire consequences).

>Is there any way to prevent that and still allow full access to the
>directory? What about commands like CopyFile or DeleteFile? Can they
>be switched off completely or kept from working outside their parent
>directory?

No, although that is an excellent idea. In general, though, anyone who has ftp access to your server ought to be a trusted party, because there are plenty of bad things they can do by uploading perl scripts, batch files, AppleScripts, etc., even without WebCatalog installed.

Technical Support              | ==== eCommerce and Beyond ====
Pacific Coast Software         | WebCatalog, WebMerchant,
11770 Bernardo Plaza Court     | SiteEdit Pro, PhotoMaster,
San Diego, CA 92128            | Typhoon
619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com/

Associated Messages, from the most recent to the oldest:

    
  1. Re: Security for malls with different webmasters (Jack Baty 1998)
  2. Re: Security for malls with different webmasters (PCS Technical Support 1998)
  3. Re: Security for malls with different webmasters (Kenneth Grome 1998)
  4. Security for malls with different webmasters (Rainer Hofmeister 1998)
  5. Re: Security for malls with different webmasters (Olin Lagon 1998)