Re: why am I getting an authenticate dialog with no [protect]?

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 36093
interpreted = N
texte = >> No, that's not the issue. I'm actually passing an Append command to the db, >> and I didn't have Append in the list of allowed non-admin commands, as Chris >> Allman suggest. I added Append to that list and the problem is now solved! > > OK, but a note to everyone: realize that this is inherently a > security problem. If anonymous users can append records to your > databases, they may be able to think up ways to hack into your site. > > We recommend you use embedded [append] contexts on a page so that you > can [protect] that page with a custom group and thus limit access to > the database.Right, I realize the security risk in doing this. However, on this site, it wouldn't matter unless they added enough entries to fill up the hard drive or something. It's just not a sensitive db. I've set up others that ARE more sensitive, though, and the appends are in contexts and not in commands.Thanks for the reminder, though.SM: always lookin' out for us! Cheers,Steve------------------------------------------------ Steven Jarvis Web Developer sjarvis@nwaonline.netMorning News of Northwest Arkansas http://www.nwaonline.net ------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Associated Messages, from the most recent to the oldest:

    
  1. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  2. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  3. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  4. Re: why am I getting an authenticate dialog with no [protect]? (Peter Ostry 2000)
  5. Re: why am I getting an authenticate dialog with no [protect]? (Marty Schmid 2000)
  6. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  7. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  8. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  9. Re: why am I getting an authenticate dialog with no [protect]? (WebDNA Support 2000)
  10. Re: why am I getting an authenticate dialog with no [protect]? (Chris Allman 2000)
  11. Re: why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
  12. Re: why am I getting an authenticate dialog with no [protect]? (Joseph D'Andrea 2000)
  13. why am I getting an authenticate dialog with no [protect]? (Steven Jarvis 2000)
>> No, that's not the issue. I'm actually passing an Append command to the db, >> and I didn't have Append in the list of allowed non-admin commands, as Chris >> Allman suggest. I added Append to that list and the problem is now solved! > > OK, but a note to everyone: realize that this is inherently a > security problem. If anonymous users can append records to your > databases, they may be able to think up ways to hack into your site. > > We recommend you use embedded [append] contexts on a page so that you > can [protect] that page with a custom group and thus limit access to > the database.Right, I realize the security risk in doing this. However, on this site, it wouldn't matter unless they added enough entries to fill up the hard drive or something. It's just not a sensitive db. I've set up others that ARE more sensitive, though, and the appends are in contexts and not in commands.Thanks for the reminder, though.SM: always lookin' out for us! Cheers,Steve------------------------------------------------ Steven Jarvis Web Developer sjarvis@nwaonline.netMorning News of Northwest Arkansas http://www.nwaonline.net ------------------------------------------------------------------------------------------------------------- This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Web Archive of this list is at: http://search.smithmicro.com/ Steven Jarvis

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

OT: How to find out who owns an IP address (2001) Webmerchant (1999) Bug Fix for wbrk??? (1999) ShipCosts database (1997) Database Updates (1997) WebCatalog can't find database (1997) [Webcat 2]Next (1997) RE: Languages (1997) converchars in sendmail context.... (2004) emailer settings and control questions (1997) Bug? (1997) [Sum] function? (1997) Looking for a Manual (1997) unsubscribe (2000) searchable list archive (1997) I give up!! (1997) Can I do this with [grep]? (2002) PIXO support (1997) version 2 for NT (1997) Online reference (1997)