Re: WebCatalog security on NT

This WebDNA talk-list message is from

2000


It keeps the original formatting.
numero = 27476
interpreted = N
texte = Under NT it is possible to run the TPL files on a site by site bases. One thing WebCat can not do is change drive letters.My quick security guide NT is this: * Isolate each site on its own drive. * Only run TPL through WebCatalog on the websites that require WebCat. * Only run HTML and HTM through WebCatalog on the sites that need it. * Never run a WebCatalog site from the C: drive. * Always access your WebCat Admin through HTTPS:// * If WebCat is on C: and your site is on E: you have to create a Virtual Site to get over the C drive. So create the virtual site with an obscure name like IloveNT, HTTPS:///ilovent/admin/index.tpl * Backup everydayThere is a degree of trust involved when hosting sites that use *any* scripting language. If a client does screw with the system or another site, you have a contract and legal action could be taken. This is my quick guide only because I wrote it quickly ;)James Howarth ********************************** Smith Micro, Internet Solutions Div | Formerly, Pacific Coast Software 16855 West Bernardo Drive | ------------------------- Suite 380 | eCommerce (WebCatalog) San Diego, CA 92127 | Software & Site Development 858.675.1106 | http://www.smithmicro.com 858.675.0372 (fax) ********************************** -----Original Message----- From: Serban Constantinescu [mailto:constan1@fx.ro] Sent: Tuesday, February 08, 2000 4:12 AM To: WebDNA-Talk@talk.smithmicro.com Subject: WebCatalog security on NT Hi,I would like to suggest a customer to offer webcat, on their NT web hosting systems.I have seen some posts from Ken, and I know that is the case on a Mac, that somebody with upload capabilities, could possibly cause *a lot* of trouble, deleting files, running applescripts, messing with the TCPSend command, and so onThe customer offers web hosting services, with virtual domains, on an NT box.Can webcat be told to run only in certain folders?If a client decides to run a webcat based site (let's say www.mmm.com), and they have ftp access to /websites/mmm/ , could they do any harm to somebody else in /websites/qqq/ ?Viceversa: could somebody from /websites/qqq/ upload a .tpl template and mess up something in /websites/mmm/ ?If anybody knows any tips regarding NT security, I would very much appreciate your response.Thanks,Serban------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to ------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to Associated Messages, from the most recent to the oldest:

    
  1. Re: WebCatalog security on NT (JHowarth@smithmicro.com 2000)
  2. Re: WebCatalog security on NT (Kenneth Grome 2000)
  3. Re: WebCatalog security on NT (David M. Dantowitz 2000)
  4. Re: WebCatalog security on NT (Kenneth Grome 2000)
  5. Re: WebCatalog security on NT (Serban Constantinescu 2000)
  6. Re: WebCatalog security on NT (Kenneth Grome 2000)
  7. WebCatalog security on NT (Serban Constantinescu 2000)
Under NT it is possible to run the TPL files on a site by site bases. One thing WebCat can not do is change drive letters.My quick security guide NT is this: * Isolate each site on its own drive. * Only run TPL through WebCatalog on the websites that require WebCat. * Only run HTML and HTM through WebCatalog on the sites that need it. * Never run a WebCatalog site from the C: drive. * Always access your WebCat Admin through HTTPS:// * If WebCat is on C: and your site is on E: you have to create a Virtual Site to get over the C drive. So create the virtual site with an obscure name like IloveNT, HTTPS:///ilovent/admin/index.tpl * Backup everydayThere is a degree of trust involved when hosting sites that use *any* scripting language. If a client does screw with the system or another site, you have a contract and legal action could be taken. This is my quick guide only because I wrote it quickly ;)James Howarth ********************************** Smith Micro, Internet Solutions Div | Formerly, Pacific Coast Software 16855 West Bernardo Drive | ------------------------- Suite 380 | eCommerce (WebCatalog) San Diego, CA 92127 | Software & Site Development 858.675.1106 | http://www.smithmicro.com 858.675.0372 (fax) ********************************** -----Original Message----- From: Serban Constantinescu [mailto:constan1@fx.ro] Sent: Tuesday, February 08, 2000 4:12 AM To: WebDNA-Talk@talk.smithmicro.com Subject: WebCatalog security on NT Hi,I would like to suggest a customer to offer webcat, on their NT web hosting systems.I have seen some posts from Ken, and I know that is the case on a Mac, that somebody with upload capabilities, could possibly cause *a lot* of trouble, deleting files, running applescripts, messing with the TCPSend command, and so onThe customer offers web hosting services, with virtual domains, on an NT box.Can webcat be told to run only in certain folders?If a client decides to run a webcat based site (let's say www.mmm.com), and they have ftp access to /websites/mmm/ , could they do any harm to somebody else in /websites/qqq/ ?Viceversa: could somebody from /websites/qqq/ upload a .tpl template and mess up something in /websites/mmm/ ?If anybody knows any tips regarding NT security, I would very much appreciate your response.Thanks,Serban------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to ------------------------------------------------------------- Brought to you by CommuniGate Pro - The Buzz Word Compliant Messaging Server. To end your Mail problems go to .This message is sent to you because you are subscribed to the mailing list . To unsubscribe, E-mail to: To switch to the DIGEST mode, E-mail to JHowarth@smithmicro.com

DOWNLOAD WEBDNA NOW!

Top Articles:

Talk List

The WebDNA community talk-list is the best place to get some help: several hundred extremely proficient programmers with an excellent knowledge of WebDNA and an excellent spirit will deliver all the tips and tricks you can imagine...

Related Readings:

show all problem (1997) FW: WebDNA-Talk searchable? (1997) Modifying Carts (1999) math on date? (1997) looping table rows (1999) ErrorMessage.db and redirect URL (1998) emailer w/F2 (1997) Freeze (2003) [OT] CSS and SSI books (2004) test (2004) Only charge card when product shipped ? (1997) Thanks and Big News!!! (1997) HELP! Search finding too much! (1998) WriteFile is there a max size? (1998) RE: automatic reload of frameset (1997) [WebDNA] reverse rank=off (2008) Giving out error pages (1997) RE: Server Traffic Simulation (1998) Search results templates (1996) Showif, Hideif reverse logic ? (1997)