[pLog-general] how to protect your site?

Jon Daley plogworld at daley.snurgle.org
Thu Feb 24 14:26:32 GMT 2005


 	That seems reasonable, as long as the configuration option says, 
"Danger, Will Robinson, Danger.  Are you sure you know what you are 
doing??"

(:



On Thu, 24 Feb 2005, Oscar Renalias wrote:

> It definitely should be enabled by default, but perhaps we could add a
> configuration option to easily enable/disable this feature?
>
> Oscar
>
>
> On Thu, 24 Feb 2005 09:17:13 -0500 (EST), Jon Daley
> <plogworld at daley.snurgle.org> wrote:
>> {php} is enabled by default, because security is disabled.
>> When I enabled it on my machine, I got a strange error on "new post",
>> where the javascript preview function popped up an error box.
>> Unfortunately, I didn't write down the error message at the time, had some
>> stuff about NS_ error.
>>
>> And now I can't get it to happen again.
>>
>> I erased my cache and tried again, with no luck in making it fail.
>>
>> Perhaps we can just set this to true?  There are some other related
>> settings regarding trusted and untrusted directories.
>>
>> Enabling it does disable the {php} tags.
>>
>> See Smarty.class.php:
>>      /**
>>       * This enables template security. When enabled, many
>>       * things are restricted in the templates that
>>       * normally would go unchecked. This is useful when
>>       * untrusted parties are editing templates and you
>>       * want a reasonable level of security.
>>       * (no direct execution of PHP in templates for example)
>>       */
>>      var $security       =   false;
>>
>>
>> On Thu, 24 Feb 2005, Oscar Renalias wrote:
>>> 5) unless explicitly enabled, smarty should not allow users to
>>> execute php code via {php}...{/php} tags
>>
>> **************************************************************
>> *     Jonathan M. Daley     *   Everybody is ignorant, only  *
>> *   jondaley at snurgle.org    *     on different subjects.     *
>> * www.snurgle.org/~jondaley *                 -- Will Rogers *
>> **************************************************************
>> _______________________________________________
>> pLog-general mailing list
>> pLog-general at devel.plogworld.net
>> http://devel.plogworld.net/mailman/listinfo/plog-general
>>

**************************************************************
*     Jonathan M. Daley     *  Needs are a function of what  *
*   jondaley at snurgle.org    *       other people have.       *
* www.snurgle.org/~jondaley *            -- Jone's Principle *
**************************************************************
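
An added example, not part of the original thread and not pLog or Smarty code: a small audit that lists the templates still relying on `{php}` blocks or `{include_php}`, the constructs that stop working once `$security` is set to true. It assumes Smarty's default `{` `}` delimiters and the hypothetical file suffixes `.template` and `.tpl`; the sample template is constructed.

```python
import re
from pathlib import Path

# Assumption: templates use Smarty's default "{" and "}" delimiters.
LITERAL = re.compile(r"\{literal\}.*?\{/literal\}", re.S)
PHP_BLOCK = re.compile(r"\{php\}(.*?)\{/php\}", re.S)
INCLUDE_PHP = re.compile(r"\{include_php\b[^}]*\}")

def _blank(match):
    # Replace with newlines only so later line numbers stay correct.
    return "\n" * match.group(0).count("\n")

def find_php_usage(source):
    """Return (line, kind, snippet) for each construct $security affects."""
    text = LITERAL.sub(_blank, source)  # {literal} content is plain text
    hits = []
    for kind, pattern in (("php", PHP_BLOCK), ("include_php", INCLUDE_PHP)):
        for m in pattern.finditer(text):
            line = text.count("\n", 0, m.start()) + 1
            snippet = " ".join(m.group(0).split())[:60]
            hits.append((line, kind, snippet))
    return sorted(hits)

def audit_tree(root, suffixes=(".template", ".tpl")):
    """Scan a template directory; the suffixes are an assumption."""
    report = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix in suffixes:
            hits = find_php_usage(path.read_text(errors="replace"))
            if hits:
                report[str(path)] = hits
    return report

# Constructed sample template, not taken from pLog.
SAMPLE = """<h1>{$title}</h1>
{literal}
<script>var s = "{php}not executed{/php}";</script>
{/literal}
{php}
  echo date('Y');
{/php}
{include_php file="counter.php"}
"""

if __name__ == "__main__":
    for line, kind, snippet in find_php_usage(SAMPLE):
        print(f"line {line}: {kind}: {snippet}")
```

Templates that come back empty from `audit_tree` do not use either construct; the ones that are listed need to be rewritten before the default is changed.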