[pmwiki-users] OpenOffice.org file uploads
Algis Kabaila
akabaila at pcug.org.au
Mon Nov 13 17:56:54 CST 2006
On Tuesday 14 November 2006 04:03, pmwiki-users-request at pmichaud.com wrote:
> From: Robin Sheat <robin at kallisti.net.nz>
> To: pmwiki-users at pmichaud.com
>
> Message was signed with unknown key 0x14D36485A99CEB6D.
> The validity of the signature cannot be verified.
> Status: No public key to verify the signature
>
> On Monday 13 November 2006 10:45, Algis Kabaila wrote:
> > I will sure try it - it sounds just like what we need. I was aware of
> > the security issue, but it is our group's opinion that OO.org files are
> > more secure than other types. I will report the outcome.
>
> They are more secure. The reason PmWiki only specifies allowed extensions
> is for a different security problem. If you could upload (say) a .pl file,
> and the server has mod_perl enabled, then you can do Bad Things(tm). So it
> errs on the side of only letting a few things through. It's to protect the
> server, more than the users :)

A big thank you to all who replied to my post, including Robin. Following
your advice I have now enabled our pmwiki to upload OpenOffice files, as
requested by Rod, to whom I am sending a copy of this email.

I don't know Perl (nor, alas, php...) and it really is too late for me to
learn. OTOH, I do program Python and as Python is definitely enabled on our
server (how else would one run "Mailman"?), IMHO security based on file
extensions is very weak indeed - almost meaningless. Why? Python will run
"scripts" (programs) without any extensions of their name. This is a problem
for security, is it not?

Thanks again,
OldAl in sweltering Canberra Down-Under. Hi Robin, neighbour!
>
> --
> Robin <robin at kallisti.net.nz> JabberID: <eythian at jabber.kallisti.net.nz>
>
> Hostes alienigeni me abduxerunt. Qui annus est?
>
> PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
> End of signed message
> End of encapsulated message
--
Algis Kabaila (Dr)
akabaila[at]pcug[dot]org[dot]au
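
An added example, not part of the original message and not PmWiki's own code: a Python sketch of the kind of extension allowlist Robin describes, which also covers names with no extension and names that carry a script extension before the final one. The allowlist contents, the set of handler-mapped extensions, the function names and the sample filenames are all assumptions constructed for illustration.

```python
# Assumed allowlist: OpenDocument types plus a few other static formats.
ALLOWED_EXTS = {"odt", "ods", "odp", "pdf", "png", "txt"}
# Assumed set of extensions this server maps to a script handler.
HANDLER_EXTS = {"pl", "php", "py", "cgi"}


def check_upload_name(name, allowed=ALLOWED_EXTS, handlers=HANDLER_EXTS):
    """Return (accepted, reason) for a client-supplied upload filename."""
    # The name must be a bare filename, never a path.
    if not name or "\x00" in name or "/" in name or "\\" in name:
        return False, "path separator or NUL in name"
    # Dot-files can be per-directory server configuration.
    if name.startswith("."):
        return False, "dot-file"
    parts = name.lower().split(".")
    # A name with no extension is simply not on the allowlist.
    if len(parts) < 2 or parts[-1] == "":
        return False, "no extension"
    ext = parts[-1]
    if ext not in allowed:
        return False, f"extension .{ext} not on allowlist"
    # Some server configurations pick a handler from any extension in
    # the name, not only the last one, so inner extensions are checked.
    inner = [p for p in parts[1:-1] if p in handlers]
    if inner:
        return False, f"inner extension .{inner[0]} maps to a handler"
    return True, "ok"


def classify(names):
    """Map each filename to True (accepted) or False (rejected)."""
    return {n: check_upload_name(n)[0] for n in names}


if __name__ == "__main__":
    # Constructed sample filenames.
    samples = ["minutes.odt", "Budget.ODS", "report.pl", "script",
               "notes.pl.odt", ".htaccess", "../minutes.odt"]
    for n in samples:
        ok, reason = check_upload_name(n)
        print(f"{n!r:20} {'accept' if ok else 'reject':7} {reason}")
```

The check only constrains the stored name; whether the server will execute anything in the upload directory is decided by the server's handler configuration for that directory.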