Re: New Site Announcement

This WebDNA talk-list message is from

1998


It keeps the original formatting.
numero = 18774
interpreted = N
texte = At 09:56 AM 7/9/98 -0600, Rob Marquardt wrote:>>>The site still has the append command enabled. That command should be >>removed from the CommandsAllowed preference, and all append commands >>should be performed with [append] contexts instead. >> >>Maybe PCS should ship product without *default* security holes? I believe >>a complete security statement from PCS would be in order -- this sort of >>thing should not of happened to blueheronhemp.com. Manual or no manual. >> >>You did the 'right thing' by pointing out the problems Ken. > >The append command is not enabled by default. Either it was added to >WebCat's Only the following commands may be issued by anonymous >visitors line, or Allow all commands was selected in the preferences.Thanks for pointing that out Rob, it has been a while since I did a fresh install of WebCat.I sincerely hope my comments were not perceived as a slam against PCS -- because that was not my intention. Security should be every webmaster's concern. In fact, I take some comfort in knowing that PCS, as a developer, has had first-hand experience in this department (even if it was negative):http://www8.zdnet.com/macweek/mw_1139/op_engst.htmlIt would be nice to believe that the security issue is over with. I do not think it is.Wendell Associated Messages, from the most recent to the oldest:

    
  1. Re: New Site Announcement (Wendell B. Kozak 1998)
  2. Re: New Site Announcement (Rob Marquardt 1998)
  3. Re: New Site Announcement (Wendell B. Kozak 1998)
  4. Re: New Site Announcement (Kenneth Grome 1998)
  5. Re: New Site Announcement (Paul Uttermohlen 1998)
  6. Re: New Site Announcement (Pat Naismith 1998)
  7. Re: New Site Announcement (Raymond Hatch 1998)
  8. Re: New Site Announcement (Raymond Hatch 1998)
  9. New Site Announcement (Raymond Hatch 1998)
  10. Re: New Site Announcement (Mícheál O Sé 1998)
  11. Re: New Site Announcement (Terry Wilson 1998)
  12. Re: New Site Announcement (Kenneth Grome 1998)
  13. Re: New Site Announcement (Mark Mesenko 1998)
  14. Re: New Site Announcement (Kenneth Grome 1998)
  15. New Site Announcement (Mark Mesenko 1998)
  16. New Site Announcement: MusicianStore.com goes live with (Sandra L. Pitner 1998)
  17. Re: New site announcement + Re: Showing once on a founditems (Christophe BECK 1997)
  18. Re: New site announcement + Re: Showing once on a founditems (Christophe BECK 1997)
  19. New site announcement + Re: Showing once on a founditems (Gilles Renoul 1997)
At 09:56 AM 7/9/98 -0600, Rob Marquardt wrote:>>>The site still has the append command enabled. That command should be >>removed from the CommandsAllowed preference, and all append commands >>should be performed with [append] contexts instead. >> >>Maybe PCS should ship product without *default* security holes? I believe >>a complete security statement from PCS would be in order -- this sort of >>thing should not of happened to blueheronhemp.com. Manual or no manual. >> >>You did the 'right thing' by pointing out the problems Ken. > >The append command is not enabled by default. Either it was added to >WebCat's Only the following commands may be issued by anonymous >visitors line, or Allow all commands was selected in the preferences.Thanks for pointing that out Rob, it has been a while since I did a fresh install of WebCat.I sincerely hope my comments were not perceived as a slam against PCS -- because that was not my intention. Security should be every webmaster's concern. In fact, I take some comfort in knowing that PCS, as a developer, has had first-hand experience in this department (even if it was negative):http://www8.zdnet.com/macweek/mw_1139/op_engst.htmlIt would be nice to believe that the security issue is over with. I do not think it is.Wendell Wendell B. Kozak

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Item options w/ price adjustment (1997) Blacklisted (2002) A question on sub-categories (1997) database confused (2000) Database Strategy - more... (1998) AddLineitems - 100 Item Limit? (2002) Almost a there but..bye bye NetCloak (1997) Am I going senile? (Price recalc based on quantity) (1997) Search design (1997) (2000) Physical Security for WebCatalog Directories (1997) Secure Server (1997) [WebDNA] Foreign characters (2009) (2009) format problem on NT? (1997) WebCat2b13MacPlugIn - [include] doesn't allow creator (1997) WebCat2b12 CGI Mac - [shownext] problem (1997) using showpage and showcart commands (1996) 3+ Levels of Navigation (2006) Running 2 two WebCatalog.acgi's (1996) PC Auth Hub+Merchant (1998)