[pmwiki-users] adding cookbook script
pmwiki at solidgone.com
Sun Feb 24 10:52:05 CST 2008
Patrick R. Michaud wrote:
> A similar argument goes for storing parts of config.php into
> a wiki page -- it means that someone who is able to modify
> those pages somehow can start executing arbitrary scripts
> on the server. There may be cases where this would be
> okay, but in the general case I think it's too big a
> security risk for the core.
I understand the sentiment behind this, but almost every other web
blog/wiki platform out there provides some kind of admin pages for
installation or at least configuration of themes and plugins.
At some point we need to balance ease-of-use vs security we provide.
Note, I'm not saying security isn't important. I'm suggesting we
consider alternate ways of moving the pointer towards usability, without
significantly compromising the security of the platform.
~ ~ Dave
More information about the pmwiki-users