Re: why am I getting an authenticate dialog with no [protect]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36090
interpreted = N
texte = You may want to seriously reconsider this issue. By opening up Append to non-admin users you are opening up a huge security hole. Now, anyone with a little knowledge of WebDNA can input Append command strings that would wreak havoc on your system.The answer to this problem is to NOT open up destructive commands to non-admin users. ALWAYS use contexts instead of commands whenever possible. See the list archive for exhaustive coverage of all this.Marty Schmid Artwerkson 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote:> No, that's not the issue. I'm actually passing an Append command to the db, > and I didn't have Append in the list of allowed non-admin commands, as Chris > Allman suggest. I added Append to that list and the problem is now solved! > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  2. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  3. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  4. Re: why am I getting an authenticate dialog with no [protect]? (Peter Ostry 2000)
  5. Re: why am I getting an authenticate dialog with no [protect]? (Marty Schmid 2000)
  6. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  7. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  8. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  9. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  10. Re: why am I getting an authenticate dialog with no [protect]? (Chris Allman 2000)
  11. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  12. Re: why am I getting an authenticate dialog with no [protect]? (Joseph D'Andrea 2000)
  13. why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
You may want to seriously reconsider this issue. By opening up Append to non-admin users you are opening up a huge security hole. Now, anyone with a little knowledge of WebDNA can input Append command strings that would wreak havoc on your system.The answer to this problem is to NOT open up destructive commands to non-admin users. ALWAYS use contexts instead of commands whenever possible. See the list archive for exhaustive coverage of all this.Marty Schmid Artwerkson 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote:> No, that's not the issue. I'm actually passing an Append command to the db, > and I didn't have Append in the list of allowed non-admin commands, as Chris > Allman suggest. I added Append to that list and the problem is now solved! > ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Marty Schmid

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Uh...can someone help me out with the b10? (1997) WebCat2b15MacPlugin - showing [math] (1997) Error & Problem (1997) Server slowing down. (1997) WebDNA Solutions ... (1997) Problems with [Search] param - Mac Plugin b15 (1997) WebTen and WebCat (1997) Still having problems with Authen (1997) Re:quit command on NT (1997) Resolving variables into field names (1998) Nested tags count question (1997) Robert Minor duplicate mail (1997) SHOWNEXT (1999) Cookies (1999) PCS Emailer's role ? (1997) Problem with Formulas.db (1998) Founditems context returning only 1 item (1997) dreamweaver (2000) Too Much Rootbeer Free Offer (1997) wierd [cart] action! (1997)