[development] Re: Remove PHP filter by default
raven.brooks at buyblue.org
Sun Jan 29 20:32:46 UTC 2006
Why is the existing option to disable this or limit it to certain
roles not sufficient? One simply has to go to admin/filters and
click disable if they don't want it. Perhaps the documentation or
install instructions need to be enhanced to have a chapter about
security (i.e. if you want to secure your site here are all the
things you can do and their impact).
As others have said, just because you are writing PHP doesn't mean
you are coding functionality, you may just be trying to generate
dynamic content on your site in a block or something. That is
something drupal should allow and you should need to write a module
to do that.
Drupal is not exclusively used by people that can get in there and
upload files to their FTP server. If that was to be offered as
"more secure" way of doing things that is fine, but it should be an
administrator choice it shouldn't be required.
More information about the development