I have 2 directories, "projects" and its subdirectory "admin". There are STM scripts in each directory. The projects directory is accessible by all, and the admin directory has Sambar Security Restrictions in place restricted to 1 user - an "administrator" (not the Sambar admin account).
In the projects directory, there is an STM page that contains HTML code to access other STM pages within the same directory, such as:

<form METHOD=LINK ACTION="adminlistquery.stm"><input type="submit" VALUE="Search New/Updated Activities"></form>

Notice that the STM file in the form code starts with the characters "admin". Now, when a user tries to access adminlistquery.stm, Sambar Restrictions take effect and the user name and password are requested, even though adminlistquery is in the projects (accessible to all) directory. It seems that Sambar cannot distinguish between a directory restriction and a file restriction.

In the Sambar Security Configuration page, I have the URI to Restrict as "/projects/admin", and the User or Group to Restrict To as: the "administrator" noted above. Is this a security restriction configuration bug?
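The behaviour described in the post, as an added example that is not part of the original message and is not Sambar's code: it assumes the "URI to Restrict" value is compared against the request URI as a plain string prefix (Sambar's actual matching logic is not shown in the post) and contrasts that with matching on whole path segments. The function names and every request path other than adminlistquery.stm are hypothetical.

```python
import posixpath

# Rule value and first request come from the post; the rest are constructed samples.
RESTRICTED_URI = "/projects/admin"
REQUESTS = [
    "/projects/adminlistquery.stm",  # public script whose name starts with "admin"
    "/projects/admin",               # the restricted directory, no trailing slash
    "/projects/admin/",              # the restricted directory
    "/projects/admin/users.stm",     # hypothetical script inside the restricted directory
    "/projects/listquery.stm",       # hypothetical unrelated public script
]


def prefix_match(rule: str, uri: str) -> bool:
    """Assumed behaviour: raw string-prefix comparison, blind to '/' boundaries."""
    return uri.startswith(rule)


def segment_match(rule: str, uri: str) -> bool:
    """Restrict only the rule path itself and anything below it as a directory."""
    path = posixpath.normpath(uri.split("?", 1)[0])  # drop query string, tidy slashes
    rule = rule.rstrip("/")
    return path == rule or path.startswith(rule + "/")


def compare(rule: str, uris: list[str]) -> dict[str, tuple[bool, bool]]:
    """Map each URI to (prefix_match result, segment_match result)."""
    return {u: (prefix_match(rule, u), segment_match(rule, u)) for u in uris}


if __name__ == "__main__":
    # Compare the rule as configured with the same rule written with a trailing slash.
    for rule in (RESTRICTED_URI, RESTRICTED_URI + "/"):
        print(f"rule = {rule!r}")
        for uri, (naive, strict) in compare(rule, REQUESTS).items():
            print(f"  {uri:32} prefix={naive!s:5} segment={strict}")
```

Under the assumed prefix comparison, writing the rule with a trailing slash stops it from catching adminlistquery.stm, but it also no longer covers a request for "/projects/admin" without the slash; the segment-based check treats both spellings of the rule the same.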
