Re: WebCat2 beta 11 - new prefs ...
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 10337
interpreted = N
texte = >I assume that CommandSecurity also controls all the other commands too? OR>does this one deal only with the Append command?It controls all commands. Append was just example. Look at the preferences that ship with b11 for our recommended setup.>If it controls all commands, then setting CommandSecurity to T>effectively eliminates everyone but me from appending, replacing, and>deleting even if they enter the username and password that appears in the>record they are trying to append, replace, or delete - is this correct?>>I don't want that on my site, so I think I need to set CommandSecurity to>F ...No, we designed this feature just for you, so you're required to use it even if no one else does ;)Your setting should be CommandSecurity=T, CommandsAllowed=Replace, Delete, Search, ShowPage, etc. Notice the absence of Append from this list. This means remote unauthorized people cannot $Append to your databases with a URL. KEY CONCEPT: When you want anonymous people to Append to your databases, do it with an embedded [Append] context on a page that has [protect] of some kind on it. The preference only affects $Command, not embedded contexts.Ther idea here is that you can still achieve anonymous Appends using embedded [Append] contexts in a page...but now you have more control over it because you decide which databases get appended to. The only problem with $Append commands is that someone can homebrew a URL that appends records to any database of their choosing...not possible when you use embedded appends.Grant Hulbert, V.P. Engineering | Tools for WebWarriorsPacific Coast Software | WebCatalog, WebCommerce Solution11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMasterSan Diego, CA 92128 |619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com
Associated Messages, from the most recent to the oldest:
>I assume that CommandSecurity also controls all the other commands too? OR>does this one deal only with the Append command?It controls all commands. Append was just example. Look at the preferences that ship with b11 for our recommended setup.>If it controls all commands, then setting CommandSecurity to T>effectively eliminates everyone but me from appending, replacing, and>deleting even if they enter the username and password that appears in the>record they are trying to append, replace, or delete - is this correct?>>I don't want that on my site, so I think I need to set CommandSecurity to>F ...No, we designed this feature just for you, so you're required to use it even if no one else does ;)Your setting should be CommandSecurity=T, CommandsAllowed=Replace, Delete, Search, ShowPage, etc. Notice the absence of Append from this list. This means remote unauthorized people cannot $Append to your databases with a URL. KEY CONCEPT: When you want anonymous people to Append to your databases, do it with an embedded
[append] context on a page that has
[protect] of some kind on it. The preference only affects $Command, not embedded contexts.Ther idea here is that you can still achieve anonymous Appends using embedded
[append] contexts in a page...but now you have more control over it because you decide which databases get appended to. The only problem with $Append commands is that someone can homebrew a URL that appends records to any database of their choosing...not possible when you use embedded appends.Grant Hulbert, V.P. Engineering | Tools for WebWarriorsPacific Coast Software | WebCatalog, WebCommerce Solution11770 Bernardo Plaza Court, #462 | SiteEdit, SiteCheck, PhotoMasterSan Diego, CA 92128 |619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com
Grant Hulbert
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
[BULK] RE: [WebDNA] RE: Error. WebDNA (version 5.1g or later) is not running. (2012)
WebCatalog and Webstar 3.02 (1998)
Running WebCat from a CD-ROM (1997)
Explorer 3.0 (1997)
Sitebuilder ifs not matching [SMSI?] (2004)
Security Question (1997)
WebDNA still will not start on restart (2002)
Speed questions (1998)
Internet Explorer 6 Form problems (2005)
Merging databases (1997)
MacFinder -- a new WebDNA web site (1998)
[interpret] inside the db field? (1997)
Random Command (1997)
Fwd: 502 Bad Gateway (1998)
Re:listfiles-looking for slick solution (1997)
4.5 Upgrade (2003)
time and welcome (1999)
WebCat2 Append problem (B14Macacgi) (1997)
add to cart within a page? (1997)
Cart creation techniques (was Problems with Price field) (1997)