[pLog-svn] r6276 - in plog/branches/lifetype-1.2/class: data/validator misc template test/tests/misc
Reto Hugi
plog at hugi.to
Sat Mar 29 20:00:42 EDT 2008
On 03/29/2008 10:22 PM, Jon Daley wrote:
> Yeah, that's alright. I would be happier if we had an .htaccess
> file to protect it, instead of depending on the validator code.
>
hmm, that's interesting. Because I feel like we should make the upload
script and validators more secure because some users may have to remove
the directives or don't know how to modify (harden) them. While our
black/whitelist settings in the administration interface should be
rather intuitive. BUT maybe we can switch from a default blacklist to a
default whitelist for 2.0, what do you think?
and of course having the directive in the .htaccess gives us an
additional layer of security which is just fine. I just think the
validators should provide all the security we expect.
More information about the pLog-svn
mailing list