[pmwiki-users] Request input on soon-coming FAST Data release
Crisses
crisses at kinhost.org
Mon Oct 9 02:50:24 CDT 2006
On Oct 5, 2006, at 9:27 AM, Joachim Durchholz wrote:

> Administrators then include just those feature files that they need
> from config.php, which in turn then include all the base machinery
> required specifically for them.

On this note, what about FastData's security?

If you have FastData enabled on an open-edit wiki, general people can
create forms that do all sorts of weird things. Suddenly your
website is able to be used to mass-mail spam to people in complete
violation of anti-spam laws. Or someone uses your site to send SMS
spam messages to cell phones. Or....

Is there some way to limit the recipe to a passworded group? Only
allow the admin to authorize FastData to parse the forms? (similar to
approve_sites -- approve_form)

If I programmed a shopping cart app in FastData, and I had a group as
an open blog area, what's stopping someone from writing scripts in
Blog/SandBax that alter data pages (at Data-MyShoppingCart/Item10839)
for changes in price info by creating a custom form to over-write
actual item information on a data page somewhere?

In other words, once people understand how FastData works, how much
are we opening up said data & functionality to hackers?

Crisses