[pmwiki-users] adding cookbook script

DaveG pmwiki at solidgone.com
Sun Feb 24 10:52:05 CST 2008

Patrick R. Michaud wrote:
> A similar argument goes for storing parts of config.php into
> a wiki page -- it means that someone who is able to modify
> those pages somehow can start executing arbitrary scripts
> on the server.  There may be cases where this would be
> okay, but in the general case I think it's too big a
> security risk for the core.
I understand the sentiment behind this, but almost every other web 
blog/wiki platform out there provides some kind of admin pages for 
installation or at least configuration of themes and plugins.

At some point we need to balance ease-of-use vs security we provide. 
Note, I'm not saying security isn't important. I'm suggesting we 
consider alternate ways of moving the pointer towards usability, without 
significantly compromising the security of the platform.

  ~ ~ Dave

More information about the pmwiki-users mailing list