[development] Video module getting ready for 4.7 release: need help debugging
Dries Buytaert
dries.buytaert at gmail.com
Mon Jun 19 20:44:46 UTC 2006
On 19 Jun 2006, at 22:25, Earl Dunovant wrote:
> Serious question: if an attacker has the necessary access to modify
> the data in the table (because that is what it would take to cause
> a problem) or if someone installs a malicious module do I really
> have any way to stop it?
Yes.
If someone has access to modify your amazon-related nodes, he or she
could hijack the session of uid #1. So in theory, the module is
vulnerable. In practice, and depending on the assumptions you make
about how your module is used/configured, it is unlikely to be
exploited. Unlikely or not, it is best avoided, because you never
really know how your module is going to be used by others.
--
Dries Buytaert :: http://www.buytaert.net/