[Feature Request] Stronghold security variables that cannot be
This WebDNA talk-list message is from 2000
It keeps the original formatting.
numero = 29575
interpreted = N
texte = Say you have a form which helps you administer users. Some of these users can be set to administrators or downgraded to simple users.

Say you have a variable, IsAdmin, for instance, you wish to set to 0 or 1 in order to set to administrator, and place in a [replace] context or a [SQL] call.

For security purposes, you do not want to let this variable IsAdmin appear in the form. In the form, you use something like Administrator and you set it to Yes or No. Then a duo of [Showif] in the template (or the section of the template) that treats the data returned by the form will do the transformation into the IsAdmin variable.

Say this form is also used by people who are administrators at a lower level and you do not want them to be able to name other administrators or even downgrade you.

You do not want them to be able to add &IsSuperAdmin=1 to their own settings or &IsAdmin=1 to somebody else or even &IsSuperAdmin=0 to your own setting.

Adding &IsSuperAdmin=1 to the URL will make this variable a formvariable and your script will not be able to force it to 0 or anything else.

Of course, they have to know the name of the variables you use, but:

1- They can always give it a try and maybe guess one of them
2- You may have fired your (or one of your) WebDNA programmer(s), and he knows the templates and the names of the variables

Solution to case 1 is to use complicated names for those variables you do not wish somebody to force to what they want. But it is not 100% sure.

Solution to case 2 is to reprogram the scripts (costly) or keep your WebDNA programmer, even if he acts like ....

The great idea would be variables whose names show that they cannot be forced as formvariables. Something like:

[$IsAdmin] or anything like that would be great.

WebCatalog has to know that a formvariable starting with this $ sign should not be imported.

Err...

Either this already exists and I don't know it yet, or it does not, and please, if you could add this to WebCatalog, even version 3.0.x, that would be great!
Nicolas Verhaeghe
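
The filtering requested in the message above, as an added Python example that is not part of the original message and is not WebDNA or WebCatalog code: request parameters whose names start with `$` are never imported, and the privilege variable is derived on the server from the form's Yes/No field. It goes beyond the message by also allow-listing the fields the form is expected to send. The function names, the `UserID` field and the rule that only a super administrator may grant admin rights are assumptions made for the illustration.

```python
from urllib.parse import parse_qsl

# Hypothetical names throughout; this models the idea, not WebCatalog itself.
PROTECTED_PREFIX = "$"                        # the marker proposed in the message
ALLOWED_FIELDS = {"UserID", "Administrator"}  # assumed fields of the admin form


def import_form_variables(query_string):
    """Split request parameters into accepted form variables and rejected names."""
    accepted, rejected = {}, []
    for name, value in parse_qsl(query_string, keep_blank_values=True):
        # parse_qsl has already URL-decoded the name, so %24IsAdmin is seen as $IsAdmin.
        if name.startswith(PROTECTED_PREFIX) or name not in ALLOWED_FIELDS:
            rejected.append(name)  # worth logging: a privilege variable was probed
        else:
            accepted[name] = value
    return accepted, rejected


def build_scope(query_string, acting_user):
    """Build the template variable scope; protected variables are set here only."""
    form, rejected = import_form_variables(query_string)
    scope = dict(form)
    # The Yes/No -> 0/1 transformation the message does with a pair of [showif].
    wants_admin = form.get("Administrator") == "Yes"
    # Assumed policy: only a super administrator may grant admin rights.
    may_grant = acting_user.get("is_super_admin", False)
    scope["$IsAdmin"] = "1" if (wants_admin and may_grant) else "0"
    return scope, rejected


if __name__ == "__main__":
    # Constructed request: the form's own fields plus two injected parameters.
    qs = "UserID=42&Administrator=Yes&IsSuperAdmin=1&%24IsAdmin=1"
    print(build_scope(qs, {"is_super_admin": False}))
    print(build_scope(qs, {"is_super_admin": True}))
```
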