Re: Security for malls with different webmasters

This WebDNA talk-list message is from

1998

It keeps the original formatting. numero = 16658
interpreted = N
texte = >I am evaluating WebCatalog for use in a small mall. The mall consists of>several shops. Each shop has its own directory, templates and database.>>Every one of the shops has its own webmaster with FTP access to his (and>only his) directory.>>The problem is: Every webmaster has full rights to his directory (to>update his own sites). This means he could write a template that can>manipulate the data in the database in another directory/shop, couldn't>he?Yes.>Is there any way to prevent that and still allow full access to the>directory?No.>What about commands like CopyFile or DeleteFile? Can they>be switched off completely or kept from working outside their parent>directory?No.WebCatalog is far too powerful for you to be allowing anyone else to modify or upload WebDNA templates directly. To be secure, you cannot allow your webmasters to modify ANY WebDNA in existing templates, or to upload new templates with WebDNA code in them.If you want your webmasters to have the ability to change their sites while maintaining security for your server and all the sites running on it, then you must manually approve each new page that gets sent to you -- before you put it on your server. That generally means having them email their new templates to you, then you can review the code to be sure it's non-destructive before putting the file on the server.Sincerely,Ken Grome808-737-6499WebDNA Solutionsmailto:ken@webdna.nethttp://www.webdna.net Associated Messages, from the most recent to the oldest:

Re: Security for malls with different webmasters (Jack Baty 1998)
Re: Security for malls with different webmasters (PCS Technical Support 1998)
Re: Security for malls with different webmasters (Kenneth Grome 1998)
Security for malls with different webmasters (Rainer Hofmeister 1998)
Re: Security for malls with different webmasters (Olin Lagon 1998)

>I am evaluating WebCatalog for use in a small mall. The mall consists of>several shops. Each shop has its own directory, templates and database.>>Every one of the shops has its own webmaster with FTP access to his (and>only his) directory.>>The problem is: Every webmaster has full rights to his directory (to>update his own sites). This means he could write a template that can>manipulate the data in the database in another directory/shop, couldn't>he?Yes.>Is there any way to prevent that and still allow full access to the>directory?No.>What about commands like CopyFile or DeleteFile? Can they>be switched off completely or kept from working outside their parent>directory?No.WebCatalog is far too powerful for you to be allowing anyone else to modify or upload WebDNA templates directly. To be secure, you cannot allow your webmasters to modify ANY WebDNA in existing templates, or to upload new templates with WebDNA code in them.If you want your webmasters to have the ability to change their sites while maintaining security for your server and all the sites running on it, then you must manually approve each new page that gets sent to you -- before you put it on your server. That generally means having them email their new templates to you, then you can review the code to be sure it's non-destructive before putting the file on the server.Sincerely,Ken Grome808-737-6499WebDNA Solutionsmailto:ken@webdna.nethttp://www.webdna.net Kenneth Grome

DOWNLOAD WEBDNA NOW!

Re: Security for malls with different webmasters

1998

Top Articles:

Related Readings: