Re: [replace] has protection feature like [delete]?

This WebDNA talk-list message is from 2000.
If you let me admin my own record in the users.db, I can add any group I want to my own 'groups' field, then I can access all [protect]ed pages on the entire site -- whether or not that's what you wanted me to be able to do.

The old username/password field stuff is a hold-over from webcat 1.6, and it's no longer considered the best way to secure your db's by any means ... I'm surprised that code was never removed from webcatalog a long time ago ...

>otherwise how does one allow differing levels of administrators to [replace] *only*
>their allotted records in a db which is accessed by ALL level of admin?
> (ie. prevent them from editing records that do not belong to their authenticate group?)
>
>-John
>
>John Butler wrote:
>
>> [DELETE db=DatabasePath&eqNAMEdata=Fred]
>> ... Note: if the database has username and password fields, then the records will not
>> be deleted unless the visitor's web browser username/password match the record's
>> username/password.
>>
>> is this behaviour also true for the [replace] context? There is no mention of it in
>> the docs, but it would be nice to have that option so I ask...
>>
>> -John
>>
>> -------------------------------------------------------------
>> This message is sent to you because you are subscribed to
>> the mailing list .
>> To unsubscribe, E-mail to:
>> To switch to the DIGEST mode, E-mail to

================================
Kenneth Grome, WebDNA Consultant
808-737-6499
http://webdna.net
================================

Associated Messages, from the most recent to the oldest:

    
  1. Re: [replace] has protection feature like [delete]? (John Butler 2000)
  2. Re: [replace] has protection feature like [delete]? (WebDNA Support 2000)
  3. Re: [replace] has protection feature like [delete]? (John Butler 2000)
  4. Re: [replace] has protection feature like [delete]? (Kenneth Grome 2000)
  5. [replace] has protection feature like [delete]? (John Butler 2000)
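The two controls discussed in this thread, a self-service edit that can never touch the 'groups' field and a record-level group check on replace, sketched as an added example that is not part of the original message and is not WebDNA code. It is a Python model in which dictionaries stand in for users.db and a shared database; every name, field and sample record is constructed for illustration.

```python
# Constructed sample data standing in for users.db and a shared content db.
USERS = {
    "john":  {"email": "john@example.com",  "groups": ["editors"]},
    "admin": {"email": "admin@example.com", "groups": ["editors", "admins"]},
}
RECORDS = {
    1: {"owner_group": "editors", "title": "Spring sale"},
    2: {"owner_group": "admins",  "title": "Site settings"},
}

# Fields a user may change on their own record; 'groups' is deliberately absent.
SELF_EDITABLE = frozenset({"email"})

class Denied(Exception):
    pass

def update_own_profile(actor, changes):
    """Self-service edit: reject the whole request if it names a non-allowlisted field."""
    blocked = set(changes) - SELF_EDITABLE
    if blocked:
        raise Denied(f"{actor} may not set {sorted(blocked)}")
    USERS[actor].update(changes)

def set_groups(actor, target, groups):
    """Group membership is changed only by a member of 'admins'."""
    if "admins" not in USERS[actor]["groups"]:
        raise Denied(f"{actor} may not change group membership")
    USERS[target]["groups"] = list(groups)

def replace_record(actor, record_id, changes):
    """Replace is allowed only when the actor's stored groups include the record's owner group."""
    record = RECORDS[record_id]
    if record["owner_group"] not in USERS[actor]["groups"]:
        raise Denied(f"{actor} is not in group {record['owner_group']!r}")
    if "owner_group" in changes:
        raise Denied("record ownership cannot be changed through replace")
    record.update(changes)

def attempt(fn, *args):
    """Run one operation and report the outcome as a string."""
    try:
        fn(*args)
        return "ok"
    except Denied as exc:
        return f"denied: {exc}"
```

The group list used for each decision is read from the stored user record, never from the submitted form values, so the replace check stays meaningful only as long as the self-service path cannot write 'groups'.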
