Permissions on HTML file

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

Permissions on HTML file

Diane Houdek
I'd like to lock down some html files so that only a logged in lasso user has access to them.  I've set the directory so that "Everyone" has no access and the Lasso user has read/write access in Mac OS X and in Lasso tags, I've added html and in Lasso security I've set up that directory to be viewable and modifiable by AnyUser (no comment on that please, I'll change it once I get it working).  However, once I'm logged in to the lasso pages, I'm still getting a "Not Authorized" error, which seems to be a system level error, rather than a Lasso error.  Is this not workable?

Thanks,
Diane


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: Permissions on HTML file

stevepiercy
What do you mean by a "logged in lasso user"?  How did the user log in?

--steve


On Friday, October 3, 2008, [hidden email] (Diane Houdek) pronounced:

>I'd like to lock down some html files so that only a logged in lasso user has access
>to them.  I've set the directory so that "Everyone" has no access and the Lasso user
>has read/write access in Mac OS X and in Lasso tags, I've added html and in Lasso
>security I've set up that directory to be viewable and modifiable by AnyUser (no
>comment on that please, I'll change it once I get it working).  However, once I'm
>logged in to the lasso pages, I'm still getting a "Not Authorized" error, which
>seems to be a system level error, rather than a Lasso error.  Is this not workable?
>
>Thanks,
>Diane
>
>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy               Web Site Builder               Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Re: Permissions on HTML file

Diane Houdek
Let's see, we realized a number of things, including that Lasso wasn't being required to process the html files (no wrapper around the file forcing the requirement of username and password tags), so we're fixing all that.  Got ahead of myself in posting to the list...

Thanks though,
Diane

>>> On 10/3/2008 at 2:50 PM, in message <[hidden email]>, Steve
Piercy - Web Site Builder <[hidden email]> wrote:

> What do you mean by a "logged in lasso user"?  How did the user log in?
>
> --steve
>
>
> On Friday, October 3, 2008, [hidden email] (Diane Houdek)
> pronounced:
>
>>I'd like to lock down some html files so that only a logged in lasso user has
> access
>>to them.  I've set the directory so that "Everyone" has no access and the
> Lasso user
>>has read/write access in Mac OS X and in Lasso tags, I've added html and in
> Lasso
>>security I've set up that directory to be viewable and modifiable by AnyUser
> (no
>>comment on that please, I'll change it once I get it working).  However, once
> I'm
>>logged in to the lasso pages, I'm still getting a "Not Authorized" error,
> which
>>seems to be a system level error, rather than a Lasso error.  Is this not
> workable?
>>
>>Thanks,
>>Diane
>>
>>
>
> -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
> Steve Piercy               Web Site Builder               Soquel, CA
> <[hidden email]>                  <http://www.StevePiercy.com/>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/

Reply | Threaded
Open this post in threaded view
|

Multipage Forms Question

kimonostereo
Hi folks,

I've been working on a multipage form where the questions are broken  
up into 4 different pages. On the final page of the form the data gets  
submitted to the database.

I was wondering: what is the proper and secure way to do this. In the  
past, I've just converted the action_params to var and kept passing  
them page to page by creating hidden fields with the variable embedded  
then recreating the var on the next page. I know there must be an  
easier/better/right way to do this.

I spent most of my day trying to go through the archives here but it's  
been slow. I thought i'd just ask if anyone could point me in the  
right direction.

Thanks
\\scott\\

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

Marc Pinnell-3
What about dumping the data into session vars? That way you aren't  
passing as new params.

Marc


On Jun 22, 2009, at 6:07 PM, Scott Yoshinaga wrote:

> Hi folks,
>
> I've been working on a multipage form where the questions are broken  
> up into 4 different pages. On the final page of the form the data  
> gets submitted to the database.
>
> I was wondering: what is the proper and secure way to do this. In  
> the past, I've just converted the action_params to var and kept  
> passing them page to page by creating hidden fields with the  
> variable embedded then recreating the var on the next page. I know  
> there must be an easier/better/right way to do this.
>
> I spent most of my day trying to go through the archives here but  
> it's been slow. I thought i'd just ask if anyone could point me in  
> the right direction.
>
> Thanks
> \\scott\\
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

--
Marc Pinnell
1027 Design
PO Box 990872
Redding, CA 96099-0872
530.941.4706
fax: 866.232.5300
www.1027Design.com




--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

Miles Works
In reply to this post by kimonostereo
Scott,

The simplest answer is to store the results in a session.  Its  
insecure but it accomplishes the job.

Miles.

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

kimonostereo
Hi Miles and Marc,

I actually went back through my notes and re-read your sessions  
tutorial for newbies today. I guess I'm still trying to figure out how  
to pass the data through the multiple pages.

I'll probably need to re-read it. Are there any other tutorials on how  
to use sessions?

thanks
\\scott\\

On Jun 22, 2009, at 3:16 PM, m i l e s wrote:

> Scott,
>
> The simplest answer is to store the results in a session.  Its  
> insecure but it accomplishes the job.
>
> Miles.
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

Doug Gentry-3
In reply to this post by kimonostereo
Hi -

You've gotten a couple of suggestions to use session variables, which  
is probably the best if you want to wait to add the data to the  
database until the end.

Before going into that more, is there is reason not to write to the  
database until the end? There often are compelling reasons, but  
there's just as good a reason to collect and store the data as you go  
along.

For session variables, I would start the session on the first page  
with a session_start tag. Then right away identify the session  
variables you will use on all 4 pages. Many people use a convention to  
name these session variables differently to remind you where they came  
from. Something like var:(s_varname)

After you submit a page, you would store the action_param values in  
session variables, and repeat this at each step. Remember to have a  
session_start tag on each page, so that the session can be kept alive  
as you move through the steps. Then once you get to the end you can  
refer to all of them.

Here is an ultra simple process - with just one new variable on each  
page.  And you can fiddle with the parameters in session_start as much  
as you'd like.

Page1:
session_start: -name='mysession', -expires=100, -useauto;
session_addvariable: -name='mysession', 's_v1';
session_addvariable: -name='mysession', 's_v2';
session_addvariable: -name='mysession', 's_v3';
session_addvariable: -name='mysession', 's_v4';
       
        ..form has this..
        <input type="text" name="v1" />

Page2
session_start: -name='mysession', -expires=100, -useauto;
var(s_v1)=(encode_sql: (action_param: 'v1'));
        <input type="text" name="v2" />

Page3
session_start: -name='mysession', -expires=100, -useauto;
var(s_v2)=(encode_sql: (action_param: 'v2'));

<input type="text" name="v3" />

Page4
session_start: -name='mysession', -expires=100, -useauto;
var(s_v3)=(encode_sql: (action_param: 'v3'));
<input type="text" name="v3" />

<input type="text" name="v3" />

Page5 - Final Response
session_start: -name='mysession', -expires=100, -useauto;
var(s_v4)=(encode_sql: (action_param: 'v4'));

inline: -add,
yada,yada,
'v1'=$s_v1,
'v2'=$s_v2',
'v3'=$s_v3',
'v4'=$s_v4;
/inline;

By keeping the session alive from page to page and putting the form  
variables in their own session variables, all of those session  
variables are now available on page 5 to put in the database.

...Doug Gentry



On Jun 22, 2009, at 6:07 PM, Scott Yoshinaga wrote:

> Hi folks,
>
> I've been working on a multipage form where the questions are broken  
> up into 4 different pages. On the final page of the form the data  
> gets submitted to the database.
>
> I was wondering: what is the proper and secure way to do this. In  
> the past, I've just converted the action_params to var and kept  
> passing them page to page by creating hidden fields with the  
> variable embedded then recreating the var on the next page. I know  
> there must be an easier/better/right way to do this.
>
> I spent most of my day trying to go through the archives here but  
> it's been slow. I thought i'd just ask if anyone could point me in  
> the right direction.
>
> Thanks
> \\scott\\
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>



---
Doug Gentry
Dynapolis & Southern Oregon University
p:  541-261-8501 / Toll Free: 866-890-6013
[hidden email]
www.dynapolis.com - blog: www.plain-sense.com



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

stevepiercy
In reply to this post by kimonostereo
The Language Guide provides a good walk-through.  I'd start there.

There is this TOTW:
http://www.lassotech.com/TotW_20080516

As an aside, users tend to abandon a multi-page form, so if that is a concern, make sure you address it.  Often programmers make the mistake that users will do what we expect them to do.

--steve


On Monday, June 22, 2009, [hidden email] (Scott Yoshinaga) pronounced:

>Hi Miles and Marc,
>
>I actually went back through my notes and re-read your sessions  
>tutorial for newbies today. I guess I'm still trying to figure out how  
>to pass the data through the multiple pages.
>
>I'll probably need to re-read it. Are there any other tutorials on how  
>to use sessions?
>
>thanks
>\\scott\\
>
>On Jun 22, 2009, at 3:16 PM, m i l e s wrote:
>
>> Scott,
>>
>> The simplest answer is to store the results in a session.  Its  
>> insecure but it accomplishes the job.
>>
>> Miles.
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
>--
>This list is a free service of LassoSoft: http://www.LassoSoft.com/
>Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>Manage your subscription: http://www.ListSearch.com/Lasso/
>
>

-- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- --
Steve Piercy               Web Site Builder               Soquel, CA
<[hidden email]>                  <http://www.StevePiercy.com/>

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

Bil Corry-3
In reply to this post by Miles Works
m i l e s wrote on 6/22/2009 8:16 PM:
> The simplest answer is to store the results in a session.  Its insecure
> but it accomplishes the job.

What's insecure about it?  Or did you mean it's transitory?


- Bil



--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

Miles Works
Bil,

Transitory.

Miles.

--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/


Reply | Threaded
Open this post in threaded view
|

Re: Multipage Forms Question

kimonostereo
In reply to this post by Doug Gentry-3
Hi Doug and everyone else that has responded,

Thank you for the pointers and refresher on sessions. It's been a  
while since I've had to create something "new" in Lasso. It's great to  
know that you all are here to help.

I think I've got my brain wrapped around what I have to do. I did a  
test using this example and it works so I'll just apply it to my  
finished forms and see if it works on those.

thanks again!
\\scott\\

------------
Scott Yoshinaga
KimonoKitsy Studios LLC
Home of nemu*nemu the LOL Pups webcomic!
http://www.nemu-nemu.com/

On Jun 22, 2009, at 4:17 PM, Doug Gentry wrote:

> Hi -
>
> You've gotten a couple of suggestions to use session variables,  
> which is probably the best if you want to wait to add the data to  
> the database until the end.
>
> Before going into that more, is there is reason not to write to the  
> database until the end? There often are compelling reasons, but  
> there's just as good a reason to collect and store the data as you  
> go along.
>
> For session variables, I would start the session on the first page  
> with a session_start tag. Then right away identify the session  
> variables you will use on all 4 pages. Many people use a convention  
> to name these session variables differently to remind you where they  
> came from. Something like var:(s_varname)
>
> After you submit a page, you would store the action_param values in  
> session variables, and repeat this at each step. Remember to have a  
> session_start tag on each page, so that the session can be kept  
> alive as you move through the steps. Then once you get to the end  
> you can refer to all of them.
>
> Here is an ultra simple process - with just one new variable on each  
> page.  And you can fiddle with the parameters in session_start as  
> much as you'd like.
>
> Page1:
> session_start: -name='mysession', -expires=100, -useauto;
> session_addvariable: -name='mysession', 's_v1';
> session_addvariable: -name='mysession', 's_v2';
> session_addvariable: -name='mysession', 's_v3';
> session_addvariable: -name='mysession', 's_v4';
>
> ..form has this..
> <input type="text" name="v1" />
>
> Page2
> session_start: -name='mysession', -expires=100, -useauto;
> var(s_v1)=(encode_sql: (action_param: 'v1'));
> <input type="text" name="v2" />
>
> Page3
> session_start: -name='mysession', -expires=100, -useauto;
> var(s_v2)=(encode_sql: (action_param: 'v2'));
>
> <input type="text" name="v3" />
>
> Page4
> session_start: -name='mysession', -expires=100, -useauto;
> var(s_v3)=(encode_sql: (action_param: 'v3'));
> <input type="text" name="v3" />
>
> <input type="text" name="v3" />
>
> Page5 - Final Response
> session_start: -name='mysession', -expires=100, -useauto;
> var(s_v4)=(encode_sql: (action_param: 'v4'));
>
> inline: -add,
> yada,yada,
> 'v1'=$s_v1,
> 'v2'=$s_v2',
> 'v3'=$s_v3',
> 'v4'=$s_v4;
> /inline;
>
> By keeping the session alive from page to page and putting the form  
> variables in their own session variables, all of those session  
> variables are now available on page 5 to put in the database.
>
> ...Doug Gentry
>
>
>
> On Jun 22, 2009, at 6:07 PM, Scott Yoshinaga wrote:
>
>> Hi folks,
>>
>> I've been working on a multipage form where the questions are  
>> broken up into 4 different pages. On the final page of the form the  
>> data gets submitted to the database.
>>
>> I was wondering: what is the proper and secure way to do this. In  
>> the past, I've just converted the action_params to var and kept  
>> passing them page to page by creating hidden fields with the  
>> variable embedded then recreating the var on the next page. I know  
>> there must be an easier/better/right way to do this.
>>
>> I spent most of my day trying to go through the archives here but  
>> it's been slow. I thought i'd just ask if anyone could point me in  
>> the right direction.
>>
>> Thanks
>> \\scott\\
>>
>> --
>> This list is a free service of LassoSoft: http://www.LassoSoft.com/
>> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
>> Manage your subscription: http://www.ListSearch.com/Lasso/
>>
>>
>
>
>
> ---
> Doug Gentry
> Dynapolis & Southern Oregon University
> p:  541-261-8501 / Toll Free: 866-890-6013
> [hidden email]
> www.dynapolis.com - blog: www.plain-sense.com
>
>
>
> --
> This list is a free service of LassoSoft: http://www.LassoSoft.com/
> Search the list archives: http://www.ListSearch.com/Lasso/Browse/
> Manage your subscription: http://www.ListSearch.com/Lasso/
>
>


--
This list is a free service of LassoSoft: http://www.LassoSoft.com/
Search the list archives: http://www.ListSearch.com/Lasso/Browse/
Manage your subscription: http://www.ListSearch.com/Lasso/