[development] Video module getting ready for 4.7 release: need help debugging

Dries Buytaert dries.buytaert at gmail.com
Mon Jun 19 20:44:46 UTC 2006

On 19 Jun 2006, at 22:25, Earl Dunovant wrote:
> Serious question: if an attacker has the necessary access to modify  
> the data in the table (because that is what it would take to cause  
> a problem) or if someone installs a malicious module do I really  
> have any way to stop it?


If someone has access to modify your amaozon-related nodes, he or she  
could hijack the session of uid #1.  So in theory, the module is  
vulnerable.  In practice, and depending on the assumptions you make  
about how your module is used/configured, it is unlikely to be  
exploited.  Unlikely or not, it is best avoided, because you never  
really know how your module is going to be used by others.

Dries Buytaert  ::  http://www.buytaert.net/

More information about the development mailing list