[documentation] PHP snippets (once again)
Kieran Lal
kieran at civicspacelabs.org
Sun May 7 15:47:24 UTC 2006
On May 7, 2006, at 7:26 AM, Heine Deelstra wrote:
> Dear doc team,
>
> I looked at several snippets yesterday and to my horror many of
> them contain *obvious*, major security holes. I've spoken with the
> leader of the security team (chx) and we agreed to unpublish all
> obviously insecure snippets, then have a discussion based on
> numbers (ok vs. not ok) and how to proceed.
>
> In the limited sample set I've reviewed until now > 50% of the
> snippets either
>
> - bypass 'access' security (sometimes titles, sometimes full nodes)
> - allow XSS
> - allow SQL injection
> - allow a combination of the above
Snippets are driven by Fergus. Fergus, what do you want us to do?
Kieran
>
> Regards,
>
> Heine
>
> PS Should we decide to continue with php snippets in this way, I'll
> also be the one to publish them again :(
> --
> Pending work: http://drupal.org/project/issues/documentation/
> List archives: http://lists.drupal.org/pipermail/documentation/
>