Limiting user access to .tmpl files

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 11902
interpreted = N
texte = I am new to WebCatalog, and need some clarification on user access. It seems to me that if I have ANY customer write-access to my site at all, the customer can upload a .tmpl file and then run it. They would be able to do any WebDNA actions at all, eg changing a database that is not in their realm.Am I missing something? If this is true, then I can't safely allow upload to any server that is running WebCatalog. This would severely limit its usefulness.Regards Thomas WBThomas Wedderburn-Bisshop Development Manager Woomera Net Solutions Associated Messages, from the most recent to the oldest:

    
  1. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  2. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  3. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  4. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  5. Re: Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
  6. Re: Limiting user access to .tmpl files (Grant Hulbert 1997)
  7. Re: Limiting user access to .tmpl files (Kenneth Grome 1997)
  8. Limiting user access to .tmpl files (Thomas Wedderburn-Bisshop 1997)
I am new to WebCatalog, and need some clarification on user access. It seems to me that if I have ANY customer write-access to my site at all, the customer can upload a .tmpl file and then run it. They would be able to do any WebDNA actions at all, eg changing a database that is not in their realm.Am I missing something? If this is true, then I can't safely allow upload to any server that is running WebCatalog. This would severely limit its usefulness.Regards Thomas WBThomas Wedderburn-Bisshop Development Manager Woomera Net Solutions Thomas Wedderburn-Bisshop

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Extra equals signs with IE? (More debugging questions...) (1997) Links and Carriage Returns, Oh my! (2000) Online reference (1997) Change Subtotal (2000) Link in a text (2000) (1998) [isfolder] and [filename] (1997) Show first couple of lines. (2003) simple forum/bboard (2004) Uh...can someone help me out with the b10? (1997) Protecting webdelivery (1997) re: [addlineitem] working almost (1997) http upload (2001) Version issue? (2004) Netscape 3.01 can't see db in form (1997) Protect vs Authenicate (1997) Fwd: 502 Bad Gateway (1998) absolute paths for databases? (1997) Integration with SQL (1997) my SOS last week... (1996)