Re: why am I getting an authenticate dialog with no [protect]?
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 36093
interpreted = N
texte = >> No, that's not the issue. I'm actually passing an Append command to the db,>> and I didn't have Append in the list of allowed non-admin commands, as Chris>> Allman suggest. I added Append to that list and the problem is now solved!> > OK, but a note to everyone: realize that this is inherently a> security problem. If anonymous users can append records to your> databases, they may be able to think up ways to hack into your site.> > We recommend you use embedded [append] contexts on a page so that you> can [protect] that page with a custom group and thus limit access to> the database.Right, I realize the security risk in doing this. However, on this site, itwouldn't matter unless they added enough entries to fill up the hard driveor something. It's just not a sensitive db. I've set up others that ARE moresensitive, though, and the appends are in contexts and not in commands.Thanks for the reminder, though.SM: always lookin' out for us!Cheers,Steve------------------------------------------------Steven JarvisWeb Developersjarvis@nwaonline.netMorning News of Northwest Arkansashttp://www.nwaonline.net-------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list
.To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Associated Messages, from the most recent to the oldest:
>> No, that's not the issue. I'm actually passing an Append command to the db,>> and I didn't have Append in the list of allowed non-admin commands, as Chris>> Allman suggest. I added Append to that list and the problem is now solved!> > OK, but a note to everyone: realize that this is inherently a> security problem. If anonymous users can append records to your> databases, they may be able to think up ways to hack into your site.> > We recommend you use embedded [append] contexts on a page so that you> can [protect] that page with a custom group and thus limit access to> the database.Right, I realize the security risk in doing this. However, on this site, itwouldn't matter unless they added enough entries to fill up the hard driveor something. It's just not a sensitive db. I've set up others that ARE moresensitive, though, and the appends are in contexts and not in commands.Thanks for the reminder, though.SM: always lookin' out for us!Cheers,Steve------------------------------------------------Steven JarvisWeb Developersjarvis@nwaonline.netMorning News of Northwest Arkansashttp://www.nwaonline.net-------------------------------------------------------------------------------------------------------------This message is sent to you because you are subscribed to the mailing list .To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/
Steven Jarvis
DOWNLOAD WEBDNA NOW!
Top Articles:
Talk List
The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...
Related Readings:
OT: How to find out who owns an IP address (2001)
Webmerchant (1999)
Bug Fix for wbrk??? (1999)
ShipCosts database (1997)
Database Updates (1997)
WebCatalog can't find database (1997)
[Webcat 2]Next (1997)
RE: Languages (1997)
converchars in sendmail context.... (2004)
emailer settings and control questions (1997)
Bug? (1997)
[Sum] function? (1997)
Looking for a Manual (1997)
unsubscribe (2000)
searchable list archive (1997)
I give up!! (1997)
Can I do this with [grep]? (2002)
PIXO support (1997)
version 2 for NT (1997)
Online reference (1997)