[RULE] Inclusion of php scripts in SPIP CMS?

M. Fioretti m.fioretti at inwind.it
Mon Mar 22 08:14:50 EET 2004


On Mon, Mar 22, 2004 06:43:15 AM +0100, C David Rigby (cdrigby at 9online.fr) wrote:
> From a security perspective, this should be okay if
> 
> 1) We are confident we can trust the script to behave itself

We can come to that together as it would be just a few scripts, most
of which already exist.

> 2) It does not accept any input in the form of parameters supplied
> by the user (or at least restricts that input to, say, only the
> [a-zA-Z0-9] characters).

The existing scripts which fetch newest stuff from the database are
like this. The only problem is the form which places stuff in the test
database, and of course those provided by SPIP

> The point is to not let a user of the system harness a script to pass
> malicious/erroneous instructions to the server or a shell.

agreed.

Ciao,
	Marco Fioretti 


-- 
Marco Fioretti                 m.fioretti, at the server inwind.it
Red Hat for low memory         http://www.rule-project.org/en/

Human beings act intelligently only after they have exhausted the
alternatives -- Abba Eban


_______________________________________________
Rule Project HOME PAGE:  http://www.rule-project.org/en/
Rule Development Site:   http://savannah.gnu.org/projects/rule/
Rule-list at nongnu.org
http://mail.nongnu.org/mailman/listinfo/rule-list
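
The restriction in point 2 above, shown as an added PHP example that is not part of the original message or of SPIP. The function name `allowlisted_param`, the parameter name `section`, the length limit and the sample requests are assumptions constructed for illustration.

```php
<?php
/**
 * Return the parameter only if it is a non-empty string of at most
 * $maxLen characters from [a-zA-Z0-9]; return null otherwise.
 * (Hypothetical helper, not part of SPIP.)
 */
function allowlisted_param(array $input, string $name, int $maxLen = 32): ?string
{
    // A query string such as ?section[]=x arrives as an array, not a
    // string, so anything that is not a string is rejected first.
    if (!isset($input[$name]) || !is_string($input[$name])) {
        return null;
    }
    $value = $input[$name];

    // \A and \z anchor to the real start and end of the string. With
    // ^...$ and no D modifier, "news\n" would pass, because $ also
    // matches just before a trailing newline.
    if (preg_match('/\A[a-zA-Z0-9]{1,' . $maxLen . '}\z/', $value) !== 1) {
        return null;
    }
    return $value;
}

// Constructed sample requests standing in for $_GET.
$samples = [
    ['section' => 'news2004'],             // letters and digits only
    ['section' => 'news;ls'],              // shell metacharacter
    ['section' => "news\n"],               // trailing newline
    ['section' => ['news']],               // array instead of string
    ['section' => ''],                     // empty value
    ['section' => str_repeat('a', 33)],    // longer than the limit
    [],                                    // parameter missing
];

foreach ($samples as $request) {
    $section = allowlisted_param($request, 'section');
    echo json_encode($request), ' => ',
        $section === null ? 'rejected' : "accepted ($section)", PHP_EOL;
}
```

Only the first constructed request is accepted; every other one yields `null`, so the calling script can stop before the value reaches the database or a shell.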
