[development] Remove PHP filter by default
Bèr Kessels
ber at webschuur.com
Sun Jan 29 20:30:41 UTC 2006
Op zondag 29 januari 2006 17:12, schreef Syscrusher:
> This won't help security, IMO. Again, novices won't be creating PHP no
> matter how easy or how hard you make it. Advanced users know what they are
> doing and will create _good_ PHP. The intermediate user who knows how to
> create PHP but not how to create good PHP won't be deterred by merely
> having to put it into a separate file instead of typing it into the CMS --
> these users know how to use FTP.
This is only one single case of security. 'Till now we have neglected the
network of sites. The cascaded administration rights. And even the fact that
people can gain PHP input rigths trough some backdoors, when they were given
too many rights. But the network (aka Drupal hosting) needs this most.
Let us please not forget that there are loads of other cases then that One
Site with Server You Administer.
Bèr
--
PGP ber at webschuur.com
http://www.webschuur.com/sites/webschuur.com/files/ber_webschuur.asc
PGP berkessels at gmx.net
http://www.webschuur.com/sites/webschuur.com/files/ber_gmx.asc
More information about the development
mailing list