Steve: Good idea to lock the model down, but we'll still need some way to run it as a special exception if you're logging in via the svc-authentication/authorization-persist. Of course, we could use a combo of svc-authentication-config and svc-authentication-persist, that way a basic username for createdb could be right in the configuration.
OTOH, running createdb is pretty harmless, actually - it never deletes anything, only creates it if it isn't there, so it's not the worst in terms of security problems. Mike On Thu, 23 Oct 2003 13:13:26 -0500 Stephen Davidson <[EMAIL PROTECTED]> wrote: > Greetings. > > As a followup to the Menu Update dropping the Keel Menu for unauthenticated users > and in regards to the Database creation link mentioned on > http://66.105.113.115/vqwiki-2.3.5/jsp/Wiki?StartupKeelAndAccessTestPage, it would > probably be a good idea to find some way to lock that particular model down. If no > one is in any particlular hurry, I will probably get to it around Christmas, and > install a configurable username/password combo for it. But > as long as that particular model is left available, any unauthorized user can run it > on your system. Don't know what the result would be, but if it clears any tables, > tha would probably not be a good thing.... > > Regards, > Steve > > -- > Java/J2EE Developer/Integrator > Co-Chair, Dallas/FortWorth J2EE Sig > 214-724-7741 > > > http://keelframework.org/documentation > Keelgroup mailing list > [EMAIL PROTECTED] > http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com Michael Nash JGlobal Ltd. http://www.jglobal.com Bahamas Commerce and Trade http://www.bahamascommerce.com http://keelframework.org/documentation Keelgroup mailing list [EMAIL PROTECTED] http://lists.keelframework.com/listinfo.cgi/keelgroup-keelframework.com
