[development] Remove PHP filter by default

Bèr Kessels ber at webschuur.com
Sun Jan 29 20:30:41 UTC 2006

Op zondag 29 januari 2006 17:12, schreef Syscrusher:
> This won't help security, IMO. Again, novices won't be creating PHP no
> matter how easy or how hard you make it. Advanced users know what they are
> doing and will create _good_ PHP. The intermediate user who knows how to
> create PHP but not how to create good PHP won't be deterred by merely
> having to put it into a separate file instead of typing it into the CMS --
> these users know how to use FTP.

This is only one single case of security. 'Till now we have neglected the 
network of sites. The cascaded administration rights. And even the fact that 
people can gain PHP input rigths trough some backdoors, when they were given 
too many rights. But the network (aka Drupal hosting) needs this most.

Let us please not forget that there are loads of other cases then that One 
Site with Server You Administer.


 PGP ber at webschuur.com
 PGP berkessels at gmx.net

More information about the development mailing list