Re: Protect
This WebDNA talk-list message is from 1997
It keeps the original formatting.
numero = 14250
interpreted = N
texte = >>So I want them to only be able to interact >>with their own templates and databases in their directory.>>Anyone who has rights to change a template can create WebDNA that does >lots of nasty things, roughly analogous to someone who has rights to >upload a CGI. The best protection you have is to give vendors an >administrative interface to modify their databases via forms, but don't >let them change template files.>>Grant Hulbert, V.P. Engineering | ==== eCommerce for the Rest of Us ====>Pacific Coast Software | WebCatalog, WebMerchant>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster>San Diego, CA 92128 | SiteGuard>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com>>>This is exactly what I thought. I don't think some of the others see the ramifications with this. I have a couple of companies that do web design in webcatalog. I am teaching them the basics. Being a programmer from way back I seen the problem right away and wanted to protect it. Now that I know I can't I will have to use other threats to them. Like crash something and it costs you $25. So make sure your code is good and non malicious.Bennie**************************************Bennie Warren /\LemooreNet / /320 West D Street / /Lemoore, CA 93245 / / /\ /\ Phone: 209.924.5909 / /_ _ / \ / /Fax 209.924.9578 \ _ _ / /\ \/ /bennie@lemoorenet.com / / \ /http://www.lemoorenet.com /_/ \/**************************************
Associated Messages, from the most recent to the oldest:
>>So I want them to only be able to interact >>with their own templates and databases in their directory.>>Anyone who has rights to change a template can create WebDNA that does >lots of nasty things, roughly analogous to someone who has rights to >upload a CGI. The best protection you have is to give vendors an >administrative interface to modify their databases via forms, but don't >let them change template files.>>Grant Hulbert, V.P. Engineering | ==== eCommerce for the Rest of Us ====>Pacific Coast Software | WebCatalog, WebMerchant>11770 Bernardo Plaza Court | SiteEdit Pro, PhotoMaster>San Diego, CA 92128 | SiteGuard>619/675-1106 Fax: 619/675-0372 | http://www.smithmicro.com>>>This is exactly what I thought. I don't think some of the others see the ramifications with this. I have a couple of companies that do web design in webcatalog. I am teaching them the basics. Being a programmer from way back I seen the problem right away and wanted to protect it. Now that I know I can't I will have to use other threats to them. Like crash something and it costs you $25. So make sure your code is good and non malicious.Bennie**************************************Bennie Warren /\LemooreNet / /320 West D Street / /Lemoore, CA 93245 / / /\ /\ Phone: 209.924.5909 / /_ _ / \ / /Fax 209.924.9578 \ _ _ / /\ \/ /bennie@lemoorenet.com / / \ /http://www.lemoorenet.com /_/ \/**************************************
Bennie Warren
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
Using Grep to Format Text (2001)
Problems reading files created by WC (1997)
Problems getting parameters passed into email. (1997)
is sku a REQUIRED field on NT (1997)
tcpconnect (1999)
Menu Syntax on Edit/Add templates (1998)
Was 5.0 Pricing, now Sandbox versus Website and ruminating (2003)
Re:Gil's in the lead (1999)
CSV import suggestions (2007)
[SearchString] problem with [search] context (1997)
Bug Report, maybe (1997)
The Form authentication trick (2000)
surf express & webcat (1998)
RePost: NAT and the CART (1999)
Drop Down Menu from comma delimited values. (2002)
date format (another question) (2000)
A question on sub-categories (1997)
Re:no [search] with NT (1997)
WC2f3 (1997)
typo in docs (2000)