Re: protect tag on NT IIS

This WebDNA talk-list message is from

1997


It keeps the original formatting.
numero = 14745
interpreted = N
texte = >>Whether or not your pages are protected with a [protect] tag has >>nothing to do with WebCat's CommandSecurity and CommandsAllowed >>prefs. Pages protected with the [protect] tag only check the users.db >>for an acceptable username/password based on the group named in the >>protect tag. > >This is what I thought. But when I use $append within a form on a page >that is [protect]ed, webcat throws up the IIS-forms based page asking for >my username and password. No matter what I type in, the page does NOT >pass this protection. Then only way I got it to append was to (1) change >the preferences to allow for anonymous appends which I don't like and (2) >use the [append] context. > >My question is: Can I use the NT version with IIS and use a form based >append command on a [protect]ed page without adding append to my webcat >preferences for anonymous access? It seems to me that using forms based >append is not anonymous and is coming from the tpl file, not a URL. Is >this an IIS thing?Basically, WebCat sees no difference in getting a command from a URL or from a form. Because of this, you must enable the append command in the prefs if you want to use an append command from either a form or a hyperlink. Unless ...I seem to recall a *possible* way around this, and I have no idea whether my memory is correct on this point or not, but:You may NOT have to enable the append command in your prefs, provided the username and password values entered into the IIS-forms based page have ADMIN access. To test this theory, try entering the username and password of someone in the admin group when that form pops up, and maybe your append will work.If it does, at least you'll know that only those with admin access will be able to append from your form. That may not be what you really want, but you can always deal with this simply by putting your append into a context instead. Contexts are more secure anyways ... :)Sincerely, Ken Grome WebDNA Solutions http://www.smithmicro.com/webdnasolutions/. Associated Messages, from the most recent to the oldest:

    
  1. Re: protect tag on NT IIS (Olin 1997)
  2. Re: protect tag on NT IIS (Grant Hulbert 1997)
  3. Re: protect tag on NT IIS (Kenneth Grome 1997)
  4. Re: protect tag on NT IIS (Olin 1997)
  5. Re: protect tag on NT IIS (Kenneth Grome 1997)
  6. Re: protect tag on NT IIS (Olin 1997)
  7. Re: protect tag on NT IIS (Kenneth Grome 1997)
  8. protect tag on NT IIS (Olin 1997)
>>Whether or not your pages are protected with a [protect] tag has >>nothing to do with WebCat's CommandSecurity and CommandsAllowed >>prefs. Pages protected with the [protect] tag only check the users.db >>for an acceptable username/password based on the group named in the >>protect tag. > >This is what I thought. But when I use $append within a form on a page >that is [protect]ed, webcat throws up the IIS-forms based page asking for >my username and password. No matter what I type in, the page does NOT >pass this protection. Then only way I got it to append was to (1) change >the preferences to allow for anonymous appends which I don't like and (2) >use the [append] context. > >My question is: Can I use the NT version with IIS and use a form based >append command on a [protect]ed page without adding append to my webcat >preferences for anonymous access? It seems to me that using forms based >append is not anonymous and is coming from the tpl file, not a URL. Is >this an IIS thing?Basically, WebCat sees no difference in getting a command from a URL or from a form. Because of this, you must enable the append command in the prefs if you want to use an append command from either a form or a hyperlink. Unless ...I seem to recall a *possible* way around this, and I have no idea whether my memory is correct on this point or not, but:You may NOT have to enable the append command in your prefs, provided the username and password values entered into the IIS-forms based page have ADMIN access. To test this theory, try entering the username and password of someone in the admin group when that form pops up, and maybe your append will work.If it does, at least you'll know that only those with admin access will be able to append from your form. That may not be what you really want, but you can always deal with this simply by putting your append into a context instead. Contexts are more secure anyways ... :)Sincerely, Ken Grome WebDNA Solutions http://www.smithmicro.com/webdnasolutions/. Kenneth Grome

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Re:Remote stockroom ? (1998) Re1000001: Setting up shop (1997) ampersand hell (2003) Limiting user access to .tmpl files (1997) WebTEN vs webSTAR (1998) Here's an example of an applet in a tpl (1997) [WebDNA] Simple Date Format Conversion (2008) WebMerchant when CC network is down (1998) WebCat2b15MacPlugin - [protect] (1997) RedHat Linux glibc version 2.1.2 or higher required (2000) Special delete ... (1997) RE: Jimmy Houssen (1998) all records returned. (1997) handling cookies in and out of secure space (2000) Using Plug-In while running 1.6.1 (1997) Trouble with carts (2000) [WebDNA] List Files question (2009) Public beta 5 of WebCatalog 4.0 is now available (2000) Problems passing [SKU] with $Replace in 2.0 (1997) [format xs] freeze (1997)