Re: Using Applescript to process WebCatalog functions

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 17731
interpreted = N
texte = >> >Anyway - the new WebCat plugin does not need AppleScript. >> >You should turn off AppleScript on your webserver, for security and >> performance... >> >Maybe it depends on the machine (PPC 9500), but we have tested it. Performance of databases (especially acgi-calls) are faster without AppleScript. Nobody could us tell yet why this occures, but our stopwatch tells the truth...To me, performance is not just speed, it is also capabilities. One of the things I consider when I look at performance is whether or not I can actually do the things I want to do -- and AppleScript is a tool that seems to come in very handy for me ...>Second - AppleScript is a security leak. If the webmaster is not very very careful with setup or does not check the presence of unallowed scripts in the customers folders than you are in danger - we all know the power of AppleScript on finder level (and don't forget, errors pop up on your server).Compiled applications can do just as much damage as AppleScripts -- and destructive compiled applications can be uploaded and will will run just as destructively with or without AppleScript. So disabling AppleScript does not automatically make your web server safe from destructive upload files.Especially when you're using WebCatalog!Because if you're letting ANYONE upload files to your server that have WebDNA code in them, and if those files are uploaded within the web server hierarchy where they can actually be requested by a visitor, those files could very easily destroy your site -- without AppleScript installed.All I'm trying to get at here is that making an all-encompassing, blanket recommendation that Mac webmasters remove AppleScript from our servers is NOT a recommendation that applies to everyone. There are simply too many different configurations for web servers out there to issue such a suggestion, at least without qualifying the precise circumstances that might possibly create a security issue ... :)Sincerely, Ken Grome 808-737-6499 WebDNA Solutions mailto:ken@webdna.net http://www.webdna.net Associated Messages, from the most recent to the oldest:

    
  1. Re: Using Applescript to process WebCatalog functions (Mike Heininger 1998)
  2. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  3. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  4. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  5. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  6. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  7. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  8. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  9. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  10. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  11. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  12. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  13. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  14. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  15. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  16. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  17. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  18. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  19. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  20. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  21. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  22. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  23. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  24. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  25. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  26. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  27. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  28. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  29. Re: Using Applescript to process WebCatalog functions (PCS Technical Support 1998)
  30. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  31. Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
>> >Anyway - the new WebCat plugin does not need AppleScript. >> >You should turn off AppleScript on your webserver, for security and >> performance... >> >Maybe it depends on the machine (PPC 9500), but we have tested it. Performance of databases (especially acgi-calls) are faster without AppleScript. Nobody could us tell yet why this occures, but our stopwatch tells the truth...To me, performance is not just speed, it is also capabilities. One of the things I consider when I look at performance is whether or not I can actually do the things I want to do -- and AppleScript is a tool that seems to come in very handy for me ...>Second - AppleScript is a security leak. If the webmaster is not very very careful with setup or does not check the presence of unallowed scripts in the customers folders than you are in danger - we all know the power of AppleScript on finder level (and don't forget, errors pop up on your server).Compiled applications can do just as much damage as AppleScripts -- and destructive compiled applications can be uploaded and will will run just as destructively with or without AppleScript. So disabling AppleScript does not automatically make your web server safe from destructive upload files.Especially when you're using WebCatalog!Because if you're letting ANYONE upload files to your server that have WebDNA code in them, and if those files are uploaded within the web server hierarchy where they can actually be requested by a visitor, those files could very easily destroy your site -- without AppleScript installed.All I'm trying to get at here is that making an all-encompassing, blanket recommendation that Mac webmasters remove AppleScript from our servers is NOT a recommendation that applies to everyone. There are simply too many different configurations for web servers out there to issue such a suggestion, at least without qualifying the precise circumstances that might possibly create a security issue ... :)Sincerely, Ken Grome 808-737-6499 WebDNA Solutions mailto:ken@webdna.net http://www.webdna.net Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Cancel Subscription (1996) Emailer setup (1997) Re:Emailer and encryption (1997) stripping extra spaces from form fields (2000) Tax on shipping (1998) RE: New WebCatalog Version !!! (1997) [TCPSend] and whois? (1999) WC2b12: Yes, Formulas.db is for real (1997) WebCat 3? (2000) Multiple Passwords (1997) popups, netscape vs explorer (1997) carriage returns in data (1997) Sort Order on a page search (1997) different show next (1997) Auto-increment number, but only up to 100 then start overat 1 (2002) Avery 5160 Mailing Labels (2003) Webcat & SIMS (1998) [WRITEFILE] to create database spider food? (1998) Nested vs conditional (1997) Can this be done? (2003)