Limiting user access to .tmpl files
This WebDNA talk-list message is from 1997
It keeps the original formatting.
I am new to WebCatalog, and need some clarification on user access. It seems to me that if I have ANY customer write-access to my site at all, the customer can upload a .tmpl file and then run it. They would be able to do any WebDNA actions at all, e.g. changing a database that is not in their realm.

Am I missing something? If this is true, then I can't safely allow upload to any server that is running WebCatalog. This would severely limit its usefulness.

Regards
Thomas WB

Thomas Wedderburn-Bisshop
Development Manager
Woomera Net Solutions