Re: why am I getting an authenticate dialog with no [protect]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36095
interpreted = N
texte = > on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote: > >> No, that's not the issue. I'm actually passing an Append command to the db, >> and I didn't have Append in the list of allowed non-admin commands, as Chris >> Allman suggest. I added Append to that list and the problem is now solved!> You may want to seriously reconsider this issue. By opening up Append to > non-admin users you are opening up a huge security hole. Now, anyone with a > little knowledge of WebDNA can input Append command strings that would wreak > havoc on your system. > > The answer to this problem is to NOT open up destructive commands to > non-admin users. ALWAYS use contexts instead of commands whenever possible. > See the list archive for exhaustive coverage of all this.Hmmm... I was mistakenly thinking it only allowed it on the one db, but that's a global security setting. I think I'm going to have to re-code those couple of pages to avoid that.Thanks to everyone for the reminders.Cheers, Steve ------------------------------------------------ Steven Jarvis Web Developer sjarvis@nwaonline.netMorning News of Northwest Arkansas http://www.nwaonline.net ------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  2. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  3. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  4. Re: why am I getting an authenticate dialog with no [protect]? (Peter Ostry 2000)
  5. Re: why am I getting an authenticate dialog with no [protect]? (Marty Schmid 2000)
  6. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  7. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  8. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  9. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  10. Re: why am I getting an authenticate dialog with no [protect]? (Chris Allman 2000)
  11. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  12. Re: why am I getting an authenticate dialog with no [protect]? (Joseph D'Andrea 2000)
  13. why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
> on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote: > >> No, that's not the issue. I'm actually passing an Append command to the db, >> and I didn't have Append in the list of allowed non-admin commands, as Chris >> Allman suggest. I added Append to that list and the problem is now solved!> You may want to seriously reconsider this issue. By opening up Append to > non-admin users you are opening up a huge security hole. Now, anyone with a > little knowledge of WebDNA can input Append command strings that would wreak > havoc on your system. > > The answer to this problem is to NOT open up destructive commands to > non-admin users. ALWAYS use contexts instead of commands whenever possible. > See the list archive for exhaustive coverage of all this.Hmmm... I was mistakenly thinking it only allowed it on the one db, but that's a global security setting. I think I'm going to have to re-code those couple of pages to avoid that.Thanks to everyone for the reminders.Cheers, Steve ------------------------------------------------ Steven Jarvis Web Developer sjarvis@nwaonline.netMorning News of Northwest Arkansas http://www.nwaonline.net ------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Steven Jarvis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Webcat 2.0.1 date math bug -> Crash! (1997) [WebDNA] Installing with MAMP (2015) WC2.0 Memory Requirements (1997) Server Freeze (1998) Almost a there but..bye bye NetCloak (1997) [/application] error? (1997) Spiders and Bots (2000) Maybe minor bug report (1997) Execute Applescript (1997) Round up prices (2000) Thanks Grant (1997) Help needed! (1998) WebCatalog for Postcards ? (1997) Re:[ShowIf] and empty fields (1997) Mac v. NT (1998) [BULK] [WebDNA] [BULK] Mac OS X LION has no FastCGI (2011) quantity minimum problem (1997) [WebDNA] Yosemite (2014) Fulfillment e-mail? (1998) Order not created error (never mind) (1997)