Re: why am I getting an authenticate dialog with no [protect]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36092
interpreted = N
texte = on 11.08.2000 19:08, Steven Jarvis at sjarvis@nwaonline.net wrote:> ...I'm actually passing an Append command to the db, > and I didn't have Append in the list of allowed non-admin commands, as Chris > Allman suggest. I added Append to that list and the problem is now solved! I recommend NOT to use commands at all. Anybody can alter your database by simply playing with the URL. Of course, in a limited way this is possibly with context's too, but better controllable by the programmer. Meaningful commands in the URL are an invitation for hobby-hackers. They only need some phantasy, experience or a Webcat manual to destroy your site... Peter ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  2. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  3. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  4. Re: why am I getting an authenticate dialog with no [protect]? (Peter Ostry 2000)
  5. Re: why am I getting an authenticate dialog with no [protect]? (Marty Schmid 2000)
  6. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  7. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  8. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  9. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  10. Re: why am I getting an authenticate dialog with no [protect]? (Chris Allman 2000)
  11. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  12. Re: why am I getting an authenticate dialog with no [protect]? (Joseph D'Andrea 2000)
  13. why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
on 11.08.2000 19:08, Steven Jarvis at sjarvis@nwaonline.net wrote:> ...I'm actually passing an Append command to the db, > and I didn't have Append in the list of allowed non-admin commands, as Chris > Allman suggest. I added Append to that list and the problem is now solved! I recommend NOT to use commands at all. Anybody can alter your database by simply playing with the URL. Of course, in a limited way this is possibly with context's too, but better controllable by the programmer. Meaningful commands in the URL are an invitation for hobby-hackers. They only need some phantasy, experience or a Webcat manual to destroy your site... Peter ------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Peter Ostry

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

# fields limited? (1997) Almost a there but..bye bye NetCloak (1997) taxTotal (1997) WCS Newbie question (1997) Resume Catalog ? (1997) Setting a null value for reply to address using sendmail... (2001) Issues with the default db files ... (2003) Shell on MacOSX (2004) Emailing html (1998) lineitems are gone (1998) Help! WebCat2 bug (Ben's input) (1997) code to phantom spacing (2001) How much is too much? I can never remember the answer. (2002) [WebDNA] Best practice re: password storage (2013) [Webcat 2]Next (1997) Tab Charactor (1997) Upgrading old WebCat Database Files (1997) HELP WITH DATES (1997) New Command prefs ... (1997) how to use WebCat w. SSL & CyberCash (1998)