[pmwiki-users] Request input on soon-coming FAST Data release

Crisses crisses at kinhost.org
Mon Oct 9 02:50:24 CDT 2006


On Oct 5, 2006, at 9:27 AM, Joachim Durchholz wrote:

> Administrators then include just those feature files that they need from
> config.php, which in turn then include all the base machinery required
> specifically for them.

On this note, what about FastData's security?

If you have FastData enabled on an open-edit wiki, general people can  
create forms that do all sorts of weird things.  Suddenly your  
website is able to be used to mass-mail spam to people in complete  
violation of anti-spam laws.  Or someone uses your site to send SMS  
spam messages to cell phones.  Or....

Is there some way to limit the recipe to a passworded group?  Only  
allow the admin to authorize FastData to parse the forms? (similar to  
approve_sites -- approve_form)

If I programmed a shopping cart app in FastData, and I had a group as  
an open blog area, what's stopping someone from writing scripts in  
Blog/SandBax that alter data pages (at Data-MyShoppingCart/Item10839)  
for changes in price info by creating a custom form to over-write  
actual item information on a data page somewhere?

In other words, once people understand how FastData works, how much  
are we opening up said data & functionality to hackers?

Crisses