Re: [replace] has protection feature like [delete]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 31540
interpreted = N
texte = If you let me admin my own record in the users.db, I can add any group I want to my own 'groups' field, then I can access all [protect]ed pages on the entire site -- whether or not that's what you wanted me to be able to do.The old username/password field stuff is a hold-over from webcat 1.6, and it's no longer considered the best way to secure your db's by any means ... I'm surprised that code was never removed from webcatalog a long time ago ... >otherwise how does one allow differing levels of administrators to >[replace] *only* >their alloted records in a db which is accessed by ALL level of admin? > (ie. prevent them from editing records that do not belong to their >authenticate group?) > >-John > >John Butler wrote: > >> [DELETE db=DatabasePath&eqNAMEdata=Fred] >> ... Note: if the database has username and password fields, then >>the records will not >> be deleted unless the visitor's web browser username/password >>match the record's >> username/password. >> >> is this behaviour also true for the [replace] context? There is >>no mention of it in >> the docs, but it would be nice to have that option so I ask... >> >> -John >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: [replace] has protection feature like [delete]? (John Butler 2000)
  2. Re: [replace] has protection feature like [delete]? (WebDNA Support 2000)
  3. Re: [replace] has protection feature like [delete]? (John Butler 2000)
  4. Re: [replace] has protection feature like [delete]? (Kenneth Grome 2000)
  5. [replace] has protection feature like [delete]? (John Butler 2000)
If you let me admin my own record in the users.db, I can add any group I want to my own 'groups' field, then I can access all [protect]ed pages on the entire site -- whether or not that's what you wanted me to be able to do.The old username/password field stuff is a hold-over from webcat 1.6, and it's no longer considered the best way to secure your db's by any means ... I'm surprised that code was never removed from webcatalog a long time ago ... >otherwise how does one allow differing levels of administrators to >[replace] *only* >their alloted records in a db which is accessed by ALL level of admin? > (ie. prevent them from editing records that do not belong to their >authenticate group?) > >-John > >John Butler wrote: > >> [DELETE db=DatabasePath&eqNAMEdata=Fred] >> ... Note: if the database has username and password fields, then >>the records will not >> be deleted unless the visitor's web browser username/password >>match the record's >> username/password. >> >> is this behaviour also true for the [replace] context? There is >>no mention of it in >> the docs, but it would be nice to have that option so I ask... >> >> -John >> >> ------------------------------------------------------------- >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> > > >------------------------------------------------------------- >This message is sent to you because you are subscribed to > the mailing list . >To unsubscribe, E-mail to: >To switch to the DIGEST mode, E-mail to >================================ Kenneth Grome, WebDNA Consultant 808-737-6499 http://webdna.net ================================------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

[WebDNA] Digital Ocean /WebDNA is not configured to accept requests to host (2019) [OT] Test - THE ANSWER (2003) wierd crashes for multi-sendmails on NT (1997) Transfer of data from Invoice to thank you templates (1998) WebCat2b15MacPlugin - [protect] (1997) Friday night shopping site joke (1997) Extended [Convertchars] needed (1997) RequiredFields template (1997) Round up prices (2000) multi-paragraph fields (1997) 2.0Beta Command Ref (can't find this instruction) (1997) newbies to web, spaces in email address (1998) WebCat2b15MacPlugin - showing [math] (1997) searching multiple databases (1997) [WebDNA] Facebook Application - Custom Tab for Fan / Non-Fan (2011) Another question (1997) [WebDNA] Searching for multiple bits of data in one field or use (2016) send mail problem? (1997) [SHOWIF AND/OR] (1997) Re:quit command on NT (1997)