[pmwiki-devel] Security issues: Disabling action=source & action=diff?
Patrick R. Michaud
pmichaud at pobox.com
Wed Dec 6 10:37:55 CST 2006
On Wed, Dec 06, 2006 at 12:32:47AM +0100, christian.ridderstrom at gmail.com wrote:
> On Tue, 5 Dec 2006, Crisses wrote:
>
> > Anyone against this? For it? Want to help? Want to do it instead? :)
>
> I don't think action=source should be blocked by default.
Perhaps we should create a scripts/secure.php script and/or
an $EnableParanoidSecurity option that sets a higher level of
security for PmWiki. If done as the $EnableParanoidSecurity
option then recipes could use that variable setting as well
to set some of their defaults.
Pm
More information about the pmwiki-devel
mailing list