[development] Video module getting ready for 4.7 release: need help debugging
Gabor Hojtsy
gabor at hojtsy.hu
Mon Jun 19 21:14:46 UTC 2006
Earl, Amazon could give you data that contains special HTML chars like <
or > which would break the display without any hacker getting into your
DB.
Goba
On Mon, 19 Jun 2006, Earl Dunovant wrote:
> Serious question: if an attacker has the necessary access to modify the data
> in the table (because that is what it would take to cause a problem) or if
> someone installs a malicious module do I really have any way to stop it?
>
> On 6/19/06, Dries Buytaert <dries.buytaert at gmail.com> wrote:
>>
>>
>> On 19 Jun 2006, at 18:41, Earl Dunovant wrote:
>>> These fields are coming from the database, and the table is
>>> populated with data from Amazon.com. I prefer scrubbing it on the
>>> way in (admittedly not doing that at the moment because I figured
>>> if you can hijack Amazon.com's servers you're going to get me if
>>> you want to anyway). The fewer places I have to worry about it, the
>>> better.
>>
>> That doesn't work. People (or modules) could edit or modify the node
>> at any time, and then you'd be toast. :-)
>>
>> --
>> Dries Buytaert :: http://www.buytaert.net/
>>
>>
>
>
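The two approaches argued over in this thread, side by side, as an added example that is not code from the thread or from the Video module. It uses PHP's htmlspecialchars() rather than any Drupal helper; the function names and sample rows are constructed for illustration.

```php
<?php
// Constructed sample rows standing in for the module's table of Amazon data.
// Neither title is hostile; the first simply contains HTML special characters.
$rows = array(
  1 => array('title' => 'Learning <canvas> & SVG'),
  2 => array('title' => 'Plain title'),
);

// Strategy A: scrub once on the way in, then print stored values as-is.
function scrub_on_input(array $rows) {
  foreach ($rows as $id => $row) {
    $rows[$id]['title'] = htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8');
  }
  return $rows;
}

// Strategy B: store the raw value and escape every time it is printed.
function render_escaped(array $row) {
  return '<h2>' . htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8') . "</h2>\n";
}

// Prints whatever is stored, trusting that it was scrubbed earlier.
function render_raw(array $row) {
  return '<h2>' . $row['title'] . "</h2>\n";
}

$scrubbed = scrub_on_input($rows);

// Later, some other code path (an edit form, another module) rewrites row 2
// without going through the import scrubber.
$later_edit = 'Edited <b>title';
$scrubbed[2]['title'] = $later_edit;
$rows[2]['title'] = $later_edit;

echo "Scrub on input, print as-is:\n";
foreach ($scrubbed as $row) {
  echo render_raw($row);     // row 2 now emits an unclosed <b> into the page
}

echo "Store raw, escape on output:\n";
foreach ($rows as $row) {
  echo render_escaped($row); // both rows display as literal text
}
```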