[pLog-svn] r6276 - in plog/branches/lifetype-1.2/class: data/validator misc template test/tests/misc
Jon Daley
plogworld at jon.limedaley.com
Sat Mar 29 21:08:18 EDT 2008
On Sun, 30 Mar 2008, Reto Hugi wrote:
> On 03/29/2008 10:22 PM, Jon Daley wrote:
>> Yeah, that's alright. I would be happier if we had an .htaccess
>> file to protect it, instead of depending on the validator code.
>
> hmm, that's interesting. Because I feel like we should make the upload
> script and validators more secure because some users may have to remove
> the directives or don't know how to modify (harden) them. While our
> black/whitelist settings in the administration interface should be
> rather intuitive. BUT maybe we can switch from a default blacklist to a
> default whitelist for 2.0, what do you think?
>
> and of course having the directive in the .htaccess gives us an
> additional layer of security which is just fine. I just think the
> validators should provide all the security we expect.
Sorry - I didn't mean remove the validator code, but I'd like to
see the .htaccess code work so well that if we ever had another bug in the
validator code it wouldn't hurt anything, because the .htaccess would
block any issues.