[pmwiki-users] OpenOffice.org file uploads
Robin Sheat
robin at kallisti.net.nz
Mon Nov 13 04:51:03 CST 2006
On Monday 13 November 2006 10:45, Algis Kabaila wrote:
> I will sure try it - it sounds just like what we need. I was aware of the
> security issue, but it is our groups opinion that OO.org files are more
> secure than other types. I will report the outcome.
They are more secure. The reason PmWiki only specifies allowed extensions is
for a different security problem. If you could upload (say) a .pl file, and
the server has mod_perl enabled, then you can do Bad Things(tm). So it errs
on the side of only letting a few things through. It's to protect the server,
more than the users :)
--
Robin <robin at kallisti.net.nz> JabberID: <eythian at jabber.kallisti.net.nz>
Hostes alienigeni me abduxerunt. Qui annus est?
PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : /pipermail/pmwiki-users/attachments/20061113/92ee22a9/attachment.bin
More information about the pmwiki-users
mailing list