[pmwiki-users] OpenOffice.org file uploads

Robin Sheat robin at kallisti.net.nz
Mon Nov 13 04:51:03 CST 2006


On Monday 13 November 2006 10:45, Algis Kabaila wrote:
> I will sure try it - it sounds just like what we need.  I was aware of the
> security issue, but it is our groups opinion that OO.org files are more
> secure than other types.  I will report the outcome.
They are more secure. The reason PmWiki only specifies allowed extensions is 
for a different security problem. If you could upload (say) a .pl file, and 
the server has mod_perl enabled, then you can do Bad Things(tm). So it errs 
on the side of only letting a few things through. It's to protect the server, 
more than the users :)

-- 
Robin <robin at kallisti.net.nz> JabberID: <eythian at jabber.kallisti.net.nz>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8  7175 14D3 6485 A99C EB6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/pmwiki-users/attachments/20061113/92ee22a9/attachment.bin 


More information about the pmwiki-users mailing list