[development] jQuery 1.2 is released

Gerhard Killesreiter gerhard at killesreiter.de
Thu Sep 13 14:33:20 UTC 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Daniel F. Kudwien schrieb:
>> Um, perhaps you all have not seen previous threads about the hazards of
>> allowing executable code in a writeable directory?
>>
>> -Peter 
> 
> By referencing to those 'obvious' discussions without any link or quote, I'm
> feeling quite stupid now. I've searched drupal.org, the development list
> archives and Google for the terms executable, code, writeable, directory(,
> drupal). Guess what? I did not find any thread containing useful,
> deep-insight information about why other systems like JOS/MOS are (more or
> less) successfully using writable directories for their modules [components]
> for quite some time now and Drupal is not.

Successful? My ass. Some stupid script kiddie managed to hack "my"
server because I let a friend run Joomla there and one of its components
allowed remote file uploads.

Luckily, the uploaded php script didn't work and my server did not
become a spam sending zombie and I did not have spend weeks to get it
out of blacklists again.

Sadly, I still had to spend a night to cleanly set up the machine again.

> Could someone please direct me/us to some einlightening issues and/or
> threads? That would be greatly appreciated.

Isn't the fact that it has bit me once good enough? :p

Cheers,
	Gerhard
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFG6Uovfg6TFvELooQRApzfAJ4jiGa9G65yVuPYIfKtqf3KgmBjnQCgkrPf
z7MVJkdPcn10LdwF85DK6DE=
=hYKa
-----END PGP SIGNATURE-----


More information about the development mailing list