[pmwiki-users] Infected Cookbook Recipes?

kirpi at kirpi.it kirpi at kirpi.it
Sun Sep 21 15:49:53 CDT 2008


While I see pmwiki site under spam attack, and after having restored a
couple of web pages, I'm troubling myself with the following
(dreadful) thought: is there a sort of security
lock/code/flag/hash/signature/whatever allowing people to trust
(somehow) the recipes the community upload/download and let run inside
its servers?

Live example: I trust Hans and, due to the very many enhancements and
updates of Fox over time, I often happen to download and let the
latest Fox run at my site. Of course there is no way for me to
scrutinize the code (far too technical), so: how do I know that any
John Hacker hasn't just uploaded a malicious version of Fox, with that
couple of lines added which are perhaps enough to open a backdoor or
do harm in any way?

In case there is no security barrier at all, I humbly suggest some ad
hoc brainstorming should be welcome.

Luigi



More information about the pmwiki-users mailing list