Re: Re[2]: Shopping Cart Directory
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 30383
interpreted = N
texte = Yep... I started to play with that and I think I got it! Thank you for yourhelp!APC Net, Inc. - sales@apcn.net - www.apcn.net4471 NW 36 St. #110 - Miami Springs, FL 33166Web Hosting,Web Design & Internet Services-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]OnBehalf Of jpeacock@univpress.comSent: Wednesday, April 12, 2000 4:34 PMTo: WebCatalog TalkSubject: Re[2]: Shopping Cart DirectoryI also run WebSite Pro 2.x, so I can walk you through this. As an aside,without a way to list the Orders directory, there is very little chance foranyone to guess the name of an orderfile. WebSite can exclude a directoryordirectory tree from listing files (in the absence of an index.html file) bygoing to the Access Control tab and finding the virtual site root (forexample/mysite) and selecting Disable directory listing for that path. Now allofthe directories under that path will not provide a directory listing in theabsence of a default index file.In any case, if you need to be real sure that there is no way to view ordownload an order file, do the following:1) Select the Access Control tab2) Select New and type the logical path to the Orders directory. Forexample,if you called your site /mysite, you would type the URL /mysite/Orders(assumingyour order directory was off the virtual root)3) When you have created that ACL, change the Class Restrictions to yourhearts contentI usually change the radio button to Deny, then allow because the booleanmakes my head hurt otherwise. Then I delete the all under Allow and add arecord all to the Deny box. This will deny all unmediated access to thatdirectory and anything under it. That doesn't mean that WebCatalog cannotgetto that file, so you can use a protected access template to view the files,butno one can view/download the files directly.Notice that there is more than one way to do this; you can also fiddle withtheother settings and restrict access to specific IP address ranges or passwordprotect them or ??? I always turn off directory listing for every virtualsite(why is that not the default???), and additionally lock out specificdirectories(as I remember ;~).Hope this helps.John Peacock____________________Reply Separator____________________Subject: Re: Shopping Cart DirectoryAuthor:
(WebCatalog Talk)Date: 4/12/2000 3:09 PMthis machine is running NT4 with Website PRO 2.x. The only way I see tosecure the directory is to keep everything inside my cgi-shl/webcatalog directory.APC Net, Inc. - sales@apcn.net - www.apcn.net4471 NW 36 St. #110 - Miami Springs, FL 33166Web Hosting,Web Design & Internet Services-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]OnBehalf Of WebDNA SupportSent: Wednesday, April 12, 2000 1:52 PMTo: WebCatalog TalkSubject: Re: Shopping Cart Directory>I needed some input on securing the shopping cart directory as well as>completedorders and orders. I realize I can put an index.htm file withinthe>directory however they can do a url call to the cart ID number if known and>view the cart file.What platform? Most web servers will let you specify certaindirectories that are 'no-nos' to outside URL requests.Technical Support **********************************Smith Micro, Internet Solutions Div | eCommerce (WebCatalog)16855 West Bernardo Drive, #380 | -------------------------San Diego, CA 92127 | Software & Site DevelopmentWebCatalog Support: (858) 675-0632 | http://www.smithmicro.com Fax: (858) 675-0372 **********************************-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to
Associated Messages, from the most recent to the oldest:
Yep... I started to play with that and I think I got it! Thank you for yourhelp!APC Net, Inc. - sales@apcn.net - www.apcn.net4471 NW 36 St. #110 - Miami Springs, FL 33166Web Hosting,Web Design & Internet Services-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]OnBehalf Of jpeacock@univpress.comSent: Wednesday, April 12, 2000 4:34 PMTo: WebCatalog TalkSubject: Re[2]: Shopping Cart DirectoryI also run WebSite Pro 2.x, so I can walk you through this. As an aside,without a way to list the Orders directory, there is very little chance foranyone to guess the name of an orderfile. WebSite can exclude a directoryordirectory tree from listing files (in the absence of an index.html file) bygoing to the Access Control tab and finding the virtual site root (forexample/mysite) and selecting Disable directory listing for that path. Now allofthe directories under that path will not provide a directory listing in theabsence of a default index file.In any case, if you need to be real sure that there is no way to view ordownload an order file, do the following:1) Select the Access Control tab2) Select New and type the logical path to the Orders directory. Forexample,if you called your site /mysite, you would type the URL /mysite/Orders(assumingyour order directory was off the virtual root)3) When you have created that ACL, change the Class Restrictions to yourhearts contentI usually change the radio button to Deny, then allow because the booleanmakes my head hurt otherwise. Then I delete the all under Allow and add arecord all to the Deny box. This will deny all unmediated access to thatdirectory and anything under it. That doesn't mean that WebCatalog cannotgetto that file, so you can use a protected access template to view the files,butno one can view/download the files directly.Notice that there is more than one way to do this; you can also fiddle withtheother settings and restrict access to specific IP address ranges or passwordprotect them or ??? I always turn off directory listing for every virtualsite(why is that not the default???), and additionally lock out specificdirectories(as I remember ;~).Hope this helps.John Peacock____________________Reply Separator____________________Subject: Re: Shopping Cart DirectoryAuthor: (WebCatalog Talk)Date: 4/12/2000 3:09 PMthis machine is running NT4 with Website PRO 2.x. The only way I see tosecure the directory is to keep everything inside my cgi-shl/webcatalog directory.APC Net, Inc. - sales@apcn.net - www.apcn.net4471 NW 36 St. #110 - Miami Springs, FL 33166Web Hosting,Web Design & Internet Services-----Original Message-----From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]OnBehalf Of WebDNA SupportSent: Wednesday, April 12, 2000 1:52 PMTo: WebCatalog TalkSubject: Re: Shopping Cart Directory>I needed some input on securing the shopping cart directory as well as>completedorders and orders. I realize I can put an index.htm file withinthe>directory however they can do a url call to the cart ID number if known and>view the cart file.What platform? Most web servers will let you specify certaindirectories that are 'no-nos' to outside URL requests.Technical Support **********************************Smith Micro, Internet Solutions Div | eCommerce (WebCatalog)16855 West Bernardo Drive, #380 | -------------------------San Diego, CA 92127 | Software & Site DevelopmentWebCatalog Support: (858) 675-0632 | http://www.smithmicro.com Fax: (858) 675-0372 **********************************-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to-------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to
Vince Medina
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
authenticating a second user (1997)
can WC render sites out? (1997)
insert graphic in email (2000)
mapping fields between databases (2001)
MATH TIME (1997)
PCS Frames (1997)
Opinion: [input] should be called [output] ... (1997)
Giving out error pages (1997)
Webcat no longer supported? (2006)
Possible Bug in 2.0b15.acgi (1997)
[Announce]: Web server security and password protection (1997)
tpl and Explorer (1998)
Web Developer Product Awards (1997)
Re:UPS, FEDEX TRACKING (1999)
Emailer prefs in two places ... (1997)
Summing fields (1997)
[OT] Adopting out a WebDNA website (2003)
Open Databases on Restart (1999)
Reload adding to cart (2001)
carriage returns in data (1997)