Re: why am I getting an authenticate dialog with no [protect]?
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 36095
interpreted = N
texte =
> on 8/11/00 10:08 AM, Steven Jarvis at sjarvis@nwaonline.net wrote:
>
>> No, that's not the issue. I'm actually passing an Append command to the db,
>> and I didn't have Append in the list of allowed non-admin commands, as Chris
>> Allman suggested. I added Append to that list and the problem is now solved!
>
> You may want to seriously reconsider this issue. By opening up Append to
> non-admin users you are opening up a huge security hole. Now, anyone with a
> little knowledge of WebDNA can input Append command strings that would wreak
> havoc on your system.
>
> The answer to this problem is to NOT open up destructive commands to
> non-admin users. ALWAYS use contexts instead of commands whenever possible.
> See the list archive for exhaustive coverage of all this.

Hmmm... I was mistakenly thinking it only allowed it on the one db, but
that's a global security setting. I think I'm going to have to re-code those
couple of pages to avoid that.

Thanks to everyone for the reminders.

Cheers,
Steve

------------------------------------------------
Steven Jarvis
Web Developer
sjarvis@nwaonline.net
Morning News of Northwest Arkansas
http://www.nwaonline.net
------------------------------------------------

-------------------------------------------------------------
This message is sent to you because you are subscribed to the mailing list