Re: WebCat2 beta 11 - new prefs ...

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 10337
interpreted = N
texte = >I assume that CommandSecurity also controls all the other commands too? OR >does this one deal only with the Append command?It controls all commands. Append was just example. Look at the preferences that ship with b11 for our recommended setup.>If it controls all commands, then setting CommandSecurity to T >effectively eliminates everyone but me from appending, replacing, and >deleting even if they enter the username and password that appears in the >record they are trying to append, replace, or delete - is this correct? > >I don't want that on my site, so I think I need to set CommandSecurity to >F ...No, we designed this feature just for you, so you're required to use it even if no one else does ;)Your setting should be CommandSecurity=T, CommandsAllowed=Replace, Delete, Search, ShowPage, etc. Notice the absence of Append from this list. This means remote unauthorized people cannot $Append to your databases with a URL. KEY CONCEPT: When you want anonymous people to Append to your databases, do it with an embedded [Append] context on a page that has [protect] of some kind on it. The preference only affects $Command, not embedded contexts.Ther idea here is that you can still achieve anonymous Appends using embedded [Append] contexts in a page...but now you have more control over it because you decide which databases get appended to. The only problem with $Append commands is that someone can homebrew a URL that appends records to any database of their choosing...not possible when you use embedded appends.Grant Hulbert, V.P. Engineering | Tools for WebWarriors Pacific Coast Software | WebCatalog, WebCommerce Solution 11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMaster San Diego, CA 92128 | 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com Associated Messages, from the most recent to the oldest:

    
  1. Re: WebCat2 beta 11 - new prefs ... (Grant Hulbert 1997)
  2. Re: WebCat2 beta 11 - new prefs ... (Kenneth Grome 1997)
  3. Re: WebCat2 beta 11 - new prefs ... (Kenneth Grome 1997)
  4. Re: WebCat2 beta 11 - new prefs ... (Grant Hulbert 1997)
  5. WebCat2 beta 11 - new prefs ... (Kenneth Grome 1997)
>I assume that CommandSecurity also controls all the other commands too? OR >does this one deal only with the Append command?It controls all commands. Append was just example. Look at the preferences that ship with b11 for our recommended setup.>If it controls all commands, then setting CommandSecurity to T >effectively eliminates everyone but me from appending, replacing, and >deleting even if they enter the username and password that appears in the >record they are trying to append, replace, or delete - is this correct? > >I don't want that on my site, so I think I need to set CommandSecurity to >F ...No, we designed this feature just for you, so you're required to use it even if no one else does ;)Your setting should be CommandSecurity=T, CommandsAllowed=Replace, Delete, Search, ShowPage, etc. Notice the absence of Append from this list. This means remote unauthorized people cannot $Append to your databases with a URL. KEY CONCEPT: When you want anonymous people to Append to your databases, do it with an embedded [append] context on a page that has [protect] of some kind on it. The preference only affects $Command, not embedded contexts.Ther idea here is that you can still achieve anonymous Appends using embedded [append] contexts in a page...but now you have more control over it because you decide which databases get appended to. The only problem with $Append commands is that someone can homebrew a URL that appends records to any database of their choosing...not possible when you use embedded appends.Grant Hulbert, V.P. Engineering | Tools for WebWarriors Pacific Coast Software | WebCatalog, WebCommerce Solution 11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMaster San Diego, CA 92128 | 619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com Grant Hulbert

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Ongoing group search problems ... (1997) required fields (1998) date tag not interpreted (2000) Duplicate Cart Problem in Netscape (2000) ShowNext Anomaly (1998) OT - How to pay commissions to non US affiliates? (2000) Not really WebCat - need HTML Grider (1997) [include ...] behavior (1997) Searching (2004) [movefile] (1999) [trim]?! (2004) Protect vs Authenicate (1997) test (2003) SQL Error: 00000 (2004) Not Enough Memory for Database? (2003) Re:Searching for ALL / empty form field *the FINAL answer* (1997) [Sum] function? (1997) RE: Timer Values on [redirect] (1998) Banners (1997) Limiting user access to .tmpl files (1997)