
Re: [RULE] Inclusion of php scripts in SPIP CMS?


From: M. Fioretti
Subject: Re: [RULE] Inclusion of php scripts in SPIP CMS?
Date: Mon, 22 Mar 2004 07:14:50 +0100
User-agent: Mutt/1.4i

On Mon, Mar 22, 2004 06:43:15 AM +0100, C David Rigby (address@hidden) wrote:
> From a security perspective, this should be okay if
> 
> 1) We are confident we can trust the script to behave itself

We can come to that together as it would be just a few scripts, most
of which already exist.

> 2) It does not accept any input in the form of parameters supplied
> by the user (or at least restricts that input to, say, only the
> [a-zA-Z0-9] characters).

The existing scripts which fetch newest stuff from the database are
like this. The only problem is the form which places stuff in the test
database, and of course those provided by SPIP

> The point is to not let a user of the system harness a script to pass
> malicious/erroneous instructions to the server or a shell.

agreed.

Ciao,
        Marco Fioretti 


-- 
Marco Fioretti                 m.fioretti, at the server inwind.it
Red Hat for low memory         http://www.rule-project.org/en/

Human beings act intelligently only after they have exhausted the
alternatives -- Abba Eban
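
The [a-zA-Z0-9] restriction from point 2 of the quoted message, as an added example that is not part of the original message or of SPIP's code. The function name `allowlisted_param`, the parameter name `rubrique` and the 32-character cap are assumptions made for illustration.

```php
<?php
// Added example, not from the thread. The function name, the "rubrique"
// parameter and the 32-character cap are assumptions for illustration.

/**
 * Return $value unchanged if it is a string of 1..$maxLen characters
 * drawn only from [a-zA-Z0-9]; otherwise return null.
 */
function allowlisted_param($value, int $maxLen = 32): ?string
{
    // A query string such as ?rubrique[]=x arrives as an array: reject it.
    if (!is_string($value)) {
        return null;
    }
    // \A and \z anchor to the absolute start and end of the input.
    // A bare "$" also matches just before a trailing newline, so
    // "abc\n" would pass /^[a-zA-Z0-9]+$/ and carry the newline along.
    $pattern = '/\A[a-zA-Z0-9]{1,' . $maxLen . '}\z/';
    return preg_match($pattern, $value) === 1 ? $value : null;
}

// Constructed sample inputs, as a script might receive them in $_GET.
$samples = [
    'news2004',              // accepted
    "news2004\n",            // rejected: trailing newline
    'news 2004',             // rejected: space
    'id;ls',                 // rejected: shell metacharacter
    '../conf',               // rejected: path characters
    '',                      // rejected: empty
    ['news2004'],            // rejected: array, not a string
    str_repeat('a', 33),     // rejected: longer than the cap
];

foreach ($samples as $raw) {
    $clean = allowlisted_param($raw);
    printf("%-40s => %s\n", json_encode($raw), $clean === null ? 'REJECT' : 'ok');
}

// In an included script the check runs before the value reaches the
// database or a shell:
//   $rubrique = allowlisted_param($_GET['rubrique'] ?? null);
//   if ($rubrique === null) { http_response_code(400); exit; }
```

Rejecting the request outright, rather than stripping the disallowed characters, keeps the script from acting on a value the user never actually sent.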



