[development] Re: Remove PHP filter by default
chris at tinpixel.com
Sun Jan 29 22:11:01 UTC 2006
Karoly Negyesi wrote:
> On Sun, 29 Jan 2006 21:32:46 +0100, Raven Brooks
> <raven.brooks at buyblue.org> wrote:
>> Why is the existing option to disable this or limit it to certain
>> roles not sufficient?
> Because it takes exactly one badly written module to unleash hell. Yes,
> it happened in the past.
Removing this filter is not going to fix *that* problem. Without the PHP
filter, I can still write a completely broken module that will unleash hell.
This is a good reason for having a quality module evaluation scheme. Don't
use modules that are poorly written if you want security.
More information about the development