[development] jQuery 1.2 is released
gerhard at killesreiter.de
Thu Sep 13 14:33:20 UTC 2007
-----BEGIN PGP SIGNED MESSAGE-----
Daniel F. Kudwien schrieb:
>> Um, perhaps you all have not seen previous threads about the hazards of
>> allowing executable code in a writeable directory?
> By referencing to those 'obvious' discussions without any link or quote, I'm
> feeling quite stupid now. I've searched drupal.org, the development list
> archives and Google for the terms executable, code, writeable, directory(,
> drupal). Guess what? I did not find any thread containing useful,
> deep-insight information about why other systems like JOS/MOS are (more or
> less) successfully using writable directories for their modules [components]
> for quite some time now and Drupal is not.
Successful? My ass. Some stupid script kiddie managed to hack "my"
server because I let a friend run Joomla there and one of its components
allowed remote file uploads.
Luckily, the uploaded php script didn't work and my server did not
become a spam sending zombie and I did not have spend weeks to get it
out of blacklists again.
Sadly, I still had to spend a night to cleanly set up the machine again.
> Could someone please direct me/us to some einlightening issues and/or
> threads? That would be greatly appreciated.
Isn't the fact that it has bit me once good enough? :p
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
-----END PGP SIGNATURE-----
More information about the development