Re: Security for malls with different webmasters
This WebDNA talk-list message is from 1998
It keeps the original formatting.
numero = 16662
interpreted = N
texte =
>The problem is: Every webmaster has full rights to his directory (to
>update his own sites). This means he could write a template that can
>manipulate the data in the database in another directory/shop, couldn't
>he?

Yes, all the major software vendors (including us) are wrestling with this issue. The solutions right now are more managerial than technical (Don't screw anybody else up, or else you suffer dire consequences).

>Is there any way to prevent that and still allow full access to the
>directory? What about commands like CopyFile or DeleteFile? Can they
>be switched off completely or kept from working outside their parent
>directory?

No, although that is an excellent idea. In general, though, anyone who has ftp access to your server ought to be a trusted party, because there are plenty of bad things they can do by uploading perl scripts, batch files, AppleScripts, etc., even without WebCatalog installed.

Technical Support                | ==== eCommerce and Beyond ====
Pacific Coast Software           | WebCatalog, WebMerchant,
11770 Bernardo Plaza Court       | SiteEdit Pro, PhotoMaster,
San Diego, CA 92128              | Typhoon
619/675-1106 Fax: 619/675-0372   | http://www.smithmicro.com/
PCS Technical Support
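
The confinement the question asks for (file commands that cannot act outside their parent directory) can be sketched as a path check placed in front of each file operation. This is an added Python example, not WebDNA or WebCatalog code; `confine`, `delete_file` and the two-shop layout are hypothetical and constructed for illustration.

```python
import os
import tempfile


class OutsideShopError(PermissionError):
    """Raised when a request resolves outside the caller's shop directory."""


def confine(shop_root, requested):
    """Return the real path of `requested` if it stays under `shop_root`.

    Relative paths are taken relative to the shop root. Symlinks and `..`
    are resolved before the comparison, so neither can step outside, and
    an absolute path simply replaces the root and fails the check.
    """
    root = os.path.realpath(shop_root)
    target = os.path.realpath(os.path.join(root, requested))
    if os.path.commonpath([root, target]) != root:
        raise OutsideShopError(f"{requested!r} resolves outside {root}")
    return target


def delete_file(shop_root, requested):
    """Hypothetical guarded counterpart of a DeleteFile-style command."""
    os.remove(confine(shop_root, requested))


def demo():
    """Build a constructed two-shop mall and report which requests pass."""
    results = {}
    with tempfile.TemporaryDirectory() as mall:
        shop_a = os.path.join(mall, "shopA")
        shop_b = os.path.join(mall, "shopB")
        for shop in (shop_a, shop_b):
            os.makedirs(shop)
            with open(os.path.join(shop, "orders.db"), "w") as fh:
                fh.write("constructed sample data\n")
        os.symlink(shop_b, os.path.join(shop_a, "link"))  # link out of shopA
        cases = [("own file", "orders.db"),
                 ("dot-dot", "../shopB/orders.db"),
                 ("absolute", os.path.join(shop_b, "orders.db")),
                 ("symlink", "link/orders.db")]
        for label, request in cases:
            try:
                delete_file(shop_a, request)
                results[label] = "deleted"
            except OutsideShopError:
                results[label] = "refused"
        results["shopB intact"] = os.path.exists(os.path.join(shop_b, "orders.db"))
    return results
```

The check and the file operation are separate steps, so a directory swapped for a symlink between them is not caught; separate OS accounts per webmaster remain the stronger control, in line with the reply's point that anyone with upload access has to be trusted.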