19 Jun
2006
19 Jun
'06
10:44 p.m.
On 19 Jun 2006, at 22:25, Earl Dunovant wrote:
Serious question: if an attacker has the necessary access to modify the data in the table (because that is what it would take to cause a problem) or if someone installs a malicious module do I really have any way to stop it?
Yes. If someone has access to modify your amaozon-related nodes, he or she could hijack the session of uid #1. So in theory, the module is vulnerable. In practice, and depending on the assumptions you make about how your module is used/configured, it is unlikely to be exploited. Unlikely or not, it is best avoided, because you never really know how your module is going to be used by others. -- Dries Buytaert :: http://www.buytaert.net/