Re: Using Applescript to process WebCatalog functions

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 17731
interpreted = N
texte = >> >Anyway - the new WebCat plugin does not need AppleScript. >> >You should turn off AppleScript on your webserver, for security and >> performance... >> >Maybe it depends on the machine (PPC 9500), but we have tested it. Performance of databases (especially acgi-calls) are faster without AppleScript. Nobody could us tell yet why this occures, but our stopwatch tells the truth...To me, performance is not just speed, it is also capabilities. One of the things I consider when I look at performance is whether or not I can actually do the things I want to do -- and AppleScript is a tool that seems to come in very handy for me ...>Second - AppleScript is a security leak. If the webmaster is not very very careful with setup or does not check the presence of unallowed scripts in the customers folders than you are in danger - we all know the power of AppleScript on finder level (and don't forget, errors pop up on your server).Compiled applications can do just as much damage as AppleScripts -- and destructive compiled applications can be uploaded and will will run just as destructively with or without AppleScript. So disabling AppleScript does not automatically make your web server safe from destructive upload files.Especially when you're using WebCatalog!Because if you're letting ANYONE upload files to your server that have WebDNA code in them, and if those files are uploaded within the web server hierarchy where they can actually be requested by a visitor, those files could very easily destroy your site -- without AppleScript installed.All I'm trying to get at here is that making an all-encompassing, blanket recommendation that Mac webmasters remove AppleScript from our servers is NOT a recommendation that applies to everyone. There are simply too many different configurations for web servers out there to issue such a suggestion, at least without qualifying the precise circumstances that might possibly create a security issue ... :)Sincerely, Ken Grome 808-737-6499 WebDNA Solutions mailto:ken@webdna.net http://www.webdna.net Associated Messages, from the most recent to the oldest:

    
  1. Re: Using Applescript to process WebCatalog functions (Mike Heininger 1998)
  2. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  3. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  4. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  5. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  6. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  7. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  8. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  9. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  10. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  11. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  12. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  13. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  14. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  15. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  16. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  17. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  18. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  19. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  20. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  21. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  22. Re: Using Applescript to process WebCatalog functions (Britt T. 1998)
  23. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  24. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  25. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  26. Re: Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
  27. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  28. Re: Using Applescript to process WebCatalog functions (Kenneth Grome 1998)
  29. Re: Using Applescript to process WebCatalog functions (PCS Technical Support 1998)
  30. Re: Using Applescript to process WebCatalog functions (Peter Ostry 1998)
  31. Using Applescript to process WebCatalog functions (Bob Mosebar 1998)
>> >Anyway - the new WebCat plugin does not need AppleScript. >> >You should turn off AppleScript on your webserver, for security and >> performance... >> >Maybe it depends on the machine (PPC 9500), but we have tested it. Performance of databases (especially acgi-calls) are faster without AppleScript. Nobody could us tell yet why this occures, but our stopwatch tells the truth...To me, performance is not just speed, it is also capabilities. One of the things I consider when I look at performance is whether or not I can actually do the things I want to do -- and AppleScript is a tool that seems to come in very handy for me ...>Second - AppleScript is a security leak. If the webmaster is not very very careful with setup or does not check the presence of unallowed scripts in the customers folders than you are in danger - we all know the power of AppleScript on finder level (and don't forget, errors pop up on your server).Compiled applications can do just as much damage as AppleScripts -- and destructive compiled applications can be uploaded and will will run just as destructively with or without AppleScript. So disabling AppleScript does not automatically make your web server safe from destructive upload files.Especially when you're using WebCatalog!Because if you're letting ANYONE upload files to your server that have WebDNA code in them, and if those files are uploaded within the web server hierarchy where they can actually be requested by a visitor, those files could very easily destroy your site -- without AppleScript installed.All I'm trying to get at here is that making an all-encompassing, blanket recommendation that Mac webmasters remove AppleScript from our servers is NOT a recommendation that applies to everyone. There are simply too many different configurations for web servers out there to issue such a suggestion, at least without qualifying the precise circumstances that might possibly create a security issue ... :)Sincerely, Ken Grome 808-737-6499 WebDNA Solutions mailto:ken@webdna.net http://www.webdna.net Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Caching [include] files ... (1997) protect tag on NT IIS (1997) Almost a there but..bye bye NetCloak (1997) Using Eudora instead of Emailer, and cron facility (1998) Setting up shop (1997) WebCatalog can't find database (1997) WebCatalog2 Feature Feedback (1996) Late on Friday.... brain fried (2002) MacAuthorize and WebMerchant (1997) [returnraw] and form variables (1998) Search Criteria (2000) Help! Strange happenings... (1997) Re1000001: Setting up shop (1997) Problem (1997) [WebDNA] WebDNA app (2013) [WebDNA] Downloading a .xls file daily (2009) A matter of time (1997) Country & Ship-to address & other fields ? (1997) Opinion: [input] should be called [output] ... (1997) format_to_days on NT (1997)