RE: Writefile outside WebSTAR hierarchy?

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 13290
interpreted = N
texte = Ken ->Can writefile create files anywhere on the hard drive, or are these >files restricted to the webstar hierarchy?It can create files anywhere, which is useful if you store all your log files in a folder outside the WebSTAR hierarchy, for instance. Because this is only available as a context, you as administrator are the only one who can create files with [writefile].However, this brings up a potential security concern - you need to be careful about who is allowed to upload WebCatalog template files to your server, as the [writefile] context can both create files and overwrite existing files. This is a concern whether [writefile] is limited to the WebSTAR hierarchy or not. If you are allowing others to upload webcatalog files, keep this in mind and limit access to users you can trust (and always keep regular backups, whether it's for security or not! ;) )I hope this is clear,Marc Eagle StarNine Technologies http://www.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. RE: Writefile outside WebSTAR hierarchy? (Marc Eagle 1997)
  2. RE: Writefile outside WebSTAR hierarchy? (Daniel Cameron 1997)
Ken ->Can writefile create files anywhere on the hard drive, or are these >files restricted to the webstar hierarchy?It can create files anywhere, which is useful if you store all your log files in a folder outside the WebSTAR hierarchy, for instance. Because this is only available as a context, you as administrator are the only one who can create files with [writefile].However, this brings up a potential security concern - you need to be careful about who is allowed to upload WebCatalog template files to your server, as the [writefile] context can both create files and overwrite existing files. This is a concern whether [writefile] is limited to the WebSTAR hierarchy or not. If you are allowing others to upload webcatalog files, keep this in mind and limit access to users you can trust (and always keep regular backups, whether it's for security or not! ;) )I hope this is clear,Marc Eagle StarNine Technologies http://www.smithmicro.com/ Marc Eagle

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

WebDNA emailer details (2005) [OT] Server check please (2006) WC2b15 - [HTMLx]...[/HTMLx] problems (1997) [WebDNA] [ot] Snow Leopard Server - Mac Mini (2010) [WebDNA] CMS in WEBDNA (2009) Any word on upload feature? (2000) bypassing typo's (1998) Max Record length restated as maybe bug (1997) Fedora Core 3 and WebDNA (2005) Date search and sendmail (1997) [LOOKUP] (1997) WebMerchant 1.6 and https (1997) Sorting problem (2002) Poll using WebCat (1998) problems with 2 tags shakur (1997) all records returned. (1997) mimeheaders to allow back button to work on a posted page? (2004) WebCat2 - storing unformatted date data? (1997) RE: Remote administration (1998) Unexpected error (1997)