Re: New Site Announcement
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 18774
interpreted = N
texte = At 09:56 AM 7/9/98 -0600, Rob Marquardt wrote:
>>>The site still has the append command enabled. That command should be
>>removed from the CommandsAllowed preference, and all append commands
>>should be performed with [append] contexts instead.
>>
>>Maybe PCS should ship product without *default* security holes? I believe
>>a complete security statement from PCS would be in order -- this sort of
>>thing should not have happened to blueheronhemp.com. Manual or no manual.
>>
>>You did the 'right thing' by pointing out the problems, Ken.
>
>The append command is not enabled by default. Either it was added to
>WebCat's Only the following commands may be issued by anonymous
>visitors line, or Allow all commands was selected in the preferences.

Thanks for pointing that out, Rob, it has been a while since I did a fresh
install of WebCat.

I sincerely hope my comments were not perceived as a slam against PCS --
because that was not my intention. Security should be every webmaster's
concern. In fact, I take some comfort in knowing that PCS, as a developer,
has had first-hand experience in this department (even if it was negative):

http://www8.zdnet.com/macweek/mw_1139/op_engst.html

It would be nice to believe that the security issue is over with. I do not
think it is.

Wendell
Wendell B. Kozak