[development] Video module getting ready for 4.7 release: need help debugging

Earl Dunovant prometheus6 at gmail.com
Mon Jun 19 20:25:28 UTC 2006


Serious question: if an attacker has the necessary access to modify the data
in the table (because that is what it would take to cause a problem) or if
someone installs a malicious module do I really have any way to stop it?

On 6/19/06, Dries Buytaert <dries.buytaert at gmail.com> wrote:
>
>
> On 19 Jun 2006, at 18:41, Earl Dunovant wrote:
> > These fields are coming from the database, and the table is
> > populated with data from Amazon.com. I prefer scrubbing it on the
> > way in (admittedly not doing that at the moment because I figured
> > if you can hijack Amazon.com's servers you're going to get me if
> > you want to anyway). The fewer places I have to worry about it, the
> > better.
>
> That doesn't work.  People (or modules) could edit or modify the node
> at any time, and then you'd be toast. :-)
>
> --
> Dries Buytaert  ::  http://www.buytaert.net/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.drupal.org/pipermail/development/attachments/20060619/a7bcccbf/attachment.htm


More information about the development mailing list