[development] jQuery 1.2 is released
Earnie Boyd
earnie at users.sourceforge.net
Fri Sep 14 00:26:54 UTC 2007
Quoting Earl Miles <merlin at logrus.com>:
>
> By allowing uploaded files to be run as code, any minor bug in the
> server or site software, anywhere, that could allow the uploading of
> arbitrary files could then overwrite code that is run; this could then
> allow a much larger hack that could totally take over the site.
>
Uhm, the only one able to write to the files/jquery directory would be
Administrative types that want to install a jQuery plugin. Allowing
others to do that would be ludicrous. If this is such a big security
issue then the image modules better be careful!! This includes the
avatar in the profile modules.
Earnie -- http://for-my-kids.com/
-- http://give-me-an-offer.com/