Re: why am I getting an authenticate dialog with no [protect]?
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 36095
interpreted = N
texte = > on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote:> >> No, that's not the issue. I'm actually passing an Append command to the db,>> and I didn't have Append in the list of allowed non-admin commands, as Chris>> Allman suggest. I added Append to that list and the problem is now solved!> You may want to seriously reconsider this issue. By opening up Append to> non-admin users you are opening up a huge security hole. Now, anyone with a> little knowledge of WebDNA can input Append command strings that would wreak> havoc on your system.> > The answer to this problem is to NOT open up destructive commands to> non-admin users. ALWAYS use contexts instead of commands whenever possible.> See the list archive for exhaustive coverage of all this.Hmmm... I was mistakenly thinking it only allowed it on the one db, butthat's a global security setting. I think I'm going to have to re-code thosecouple of pages to avoid that.Thanks to everyone for the reminders.Cheers,Steve------------------------------------------------Steven JarvisWeb Developersjarvis@nwaonline.netMorning News of Northwest Arkansashttp://www.nwaonline.net-------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
> on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote:> >> No, that's not the issue. I'm actually passing an Append command to the db,>> and I didn't have Append in the list of allowed non-admin commands, as Chris>> Allman suggest. I added Append to that list and the problem is now solved!> You may want to seriously reconsider this issue. By opening up Append to> non-admin users you are opening up a huge security hole. Now, anyone with a> little knowledge of WebDNA can input Append command strings that would wreak> havoc on your system.> > The answer to this problem is to NOT open up destructive commands to> non-admin users. ALWAYS use contexts instead of commands whenever possible.> See the list archive for exhaustive coverage of all this.Hmmm... I was mistakenly thinking it only allowed it on the one db, butthat's a global security setting. I think I'm going to have to re-code thosecouple of pages to avoid that.Thanks to everyone for the reminders.Cheers,Steve------------------------------------------------Steven JarvisWeb Developersjarvis@nwaonline.netMorning News of Northwest Arkansashttp://www.nwaonline.net-------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Steven Jarvis
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Site Builder & IE Mac (2004)
New Command prefs ... (1997)
absolute paths for databases? (1997)
Almost a there but..bye bye NetCloak (1997)
How do I hyperlink to returned image filename? (2000)
Date/Time format problems (1997)
Encrypt (2000)
Finding max value for a field (1997)
Selected Item in Pop-down (2003)
Word Break (1999)
cc auth with [purchase] (1998)
Testing (2003)
Goodbyes (2007)
problems with 2 tags (1997)
Robots fill event log (1997)
sendmail (2000)
Categories and Sub-categories (2003)
RE:It just Does't add up!!! (1997)
Re:quit command on NT (1997)
trouble updating records in database (1998)