Re[2]: Shopping Cart Directory

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 30384
interpreted = N
texte = I also run WebSite Pro 2.x, so I can walk you through this. As an aside, without a way to list the Orders directory, there is very little chance for anyone to guess the name of an orderfile. WebSite can exclude a directory or directory tree from listing files (in the absence of an index.html file) by going to the Access Control tab and finding the virtual site root (for example /mysite) and selecting Disable directory listing for that path. Now all of the directories under that path will not provide a directory listing in the absence of a default index file.In any case, if you need to be real sure that there is no way to view or download an order file, do the following:1) Select the Access Control tab2) Select New and type the logical path to the Orders directory. For example, if you called your site /mysite, you would type the URL /mysite/Orders (assuming your order directory was off the virtual root)3) When you have created that ACL, change the Class Restrictions to your hearts contentI usually change the radio button to Deny, then allow because the boolean makes my head hurt otherwise. Then I delete the all under Allow and add a record all to the Deny box. This will deny all unmediated access to that directory and anything under it. That doesn't mean that WebCatalog cannot get to that file, so you can use a protected access template to view the files, but no one can view/download the files directly.Notice that there is more than one way to do this; you can also fiddle with the other settings and restrict access to specific IP address ranges or password protect them or ??? I always turn off directory listing for every virtual site (why is that not the default???), and additionally lock out specific directories (as I remember ;~).Hope this helps.John Peacock ____________________Reply Separator____________________ Subject: Re: Shopping Cart Directory Author: (WebCatalog Talk) Date: 4/12/2000 3:09 PMthis machine is running NT4 with Website PRO 2.x. The only way I see to secure the directory is to keep everything inside my cgi-shl/webcatalog directory.APC Net, Inc. - sales@apcn.net - www.apcn.net 4471 NW 36 St. #110 - Miami Springs, FL 33166 Web Hosting,Web Design & Internet Services-----Original Message----- From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of WebDNA Support Sent: Wednesday, April 12, 2000 1:52 PM To: WebCatalog Talk Subject: Re: Shopping Cart Directory >I needed some input on securing the shopping cart directory as well as >completedorders and orders. I realize I can put an index.htm file within the >directory however they can do a url call to the cart ID number if known and >view the cart file.What platform? Most web servers will let you specify certain directories that are 'no-nos' to outside URL requests.Technical Support ********************************** Smith Micro, Internet Solutions Div | eCommerce (WebCatalog) 16855 West Bernardo Drive, #380 | ------------------------- San Diego, CA 92127 | Software & Site Development WebCatalog Support: (858) 675-0632 | http://www.smithmicro.com Fax: (858) 675-0372 ********************************** ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re[2]: Shopping Cart Directory (jpeacock@univpress.com 2000)
I also run WebSite Pro 2.x, so I can walk you through this. As an aside, without a way to list the Orders directory, there is very little chance for anyone to guess the name of an orderfile. WebSite can exclude a directory or directory tree from listing files (in the absence of an index.html file) by going to the Access Control tab and finding the virtual site root (for example /mysite) and selecting Disable directory listing for that path. Now all of the directories under that path will not provide a directory listing in the absence of a default index file.In any case, if you need to be real sure that there is no way to view or download an order file, do the following:1) Select the Access Control tab2) Select New and type the logical path to the Orders directory. For example, if you called your site /mysite, you would type the URL /mysite/Orders (assuming your order directory was off the virtual root)3) When you have created that ACL, change the Class Restrictions to your hearts contentI usually change the radio button to Deny, then allow because the boolean makes my head hurt otherwise. Then I delete the all under Allow and add a record all to the Deny box. This will deny all unmediated access to that directory and anything under it. That doesn't mean that WebCatalog cannot get to that file, so you can use a protected access template to view the files, but no one can view/download the files directly.Notice that there is more than one way to do this; you can also fiddle with the other settings and restrict access to specific IP address ranges or password protect them or ??? I always turn off directory listing for every virtual site (why is that not the default???), and additionally lock out specific directories (as I remember ;~).Hope this helps.John Peacock ____________________Reply Separator____________________ Subject: Re: Shopping Cart Directory Author: (WebCatalog Talk) Date: 4/12/2000 3:09 PMthis machine is running NT4 with Website PRO 2.x. The only way I see to secure the directory is to keep everything inside my cgi-shl/webcatalog directory.APC Net, Inc. - sales@apcn.net - www.apcn.net 4471 NW 36 St. #110 - Miami Springs, FL 33166 Web Hosting,Web Design & Internet Services-----Original Message----- From: WebCatalog Talk [mailto:WebDNA-Talk@talk.smithmicro.com]On Behalf Of WebDNA Support Sent: Wednesday, April 12, 2000 1:52 PM To: WebCatalog Talk Subject: Re: Shopping Cart Directory >I needed some input on securing the shopping cart directory as well as >completedorders and orders. I realize I can put an index.htm file within the >directory however they can do a url call to the cart ID number if known and >view the cart file.What platform? Most web servers will let you specify certain directories that are 'no-nos' to outside URL requests.Technical Support ********************************** Smith Micro, Internet Solutions Div | eCommerce (WebCatalog) 16855 West Bernardo Drive, #380 | ------------------------- San Diego, CA 92127 | Software & Site Development WebCatalog Support: (858) 675-0632 | http://www.smithmicro.com Fax: (858) 675-0372 ********************************** ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to jpeacock@univpress.com

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

Related database (2000) Linux ODBC and the ODBC Bridge (2000) Logging purchases (1997) autocommit problem (1998) space at start of menu (2000) Register First (2000) expired beta (1997) WebCat2b12plugin - [search] is broken ... not! (1997) [WebDNA] Case-insensitive URLs (2011) WebCat consulting $ (1998) problems with 2 tags (1997) Generating unique SKU from [cart] - Still Stumped... (1997) Re:What file? (1997) AAgghh!! Help, please. SSL strikes again. (1997) remotely add + sign (1997) OK, here goes... (1997) [applescript] (1999) WebCatalog for guestbook ? (1997) weird order problem in 4.5.1 (2004) Exists? (1997)