[RULE] Inclusion of php scripts in SPIP CMS?

M. Fioretti m.fioretti at inwind.it
Mon Mar 22 08:14:50 EET 2004


On Mon, Mar 22, 2004 06:43:15 AM +0100, C David Rigby  cdrigby at 9online.fr  wrote:
> From a security perspective, this should be okay if
> 
> 1) We are confident we can trust the script to behave itself

We can come to that together as it would be just a few scripts, most
of which already exist.

> 2) It does not accept any input in the form of parameters supplied
> by the user (or at least restricts that input to, say, only the
> [a-zA-Z0-9] characters).

The existing scripts which fetch newest stuff from the database are
like this. The only problem is the form which places stuff in the test
database, and of course those provided by SPIP.

> The point is to not let a user of the system harness a script to pass
> malicious/erroneous instructions to the server or a shell.

agreed.

Ciao,
	Marco Fioretti 


-- 
Marco Fioretti                 mfioretti
Red Hat for low memory         www.rule-project.org

Human beings act intelligently only after they have exhausted the
alternatives -- Abba Eban


_______________________________________________
Original home page of the RULE project: www.rule-project.org
Original Rule Development Site http://savannah.gnu.org/projects/rule/
Original RULE mailing list: Rule-list at nongnu.org, hosted at http://mail.nongnu.org/mailman/listinfo/rule-list
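
The restriction from point 2 of the quoted message, as an added example that is not part of the original thread or of SPIP's code: a PHP allowlist check that accepts a request parameter only if it consists of [a-zA-Z0-9]. The function name `alnum_param`, the length limit and the sample inputs are assumptions made up for illustration.

```php
<?php
// Added example: allowlist validation for a script parameter.
// alnum_param() and the 32-character limit are hypothetical choices.

/**
 * Return $raw unchanged if it is a non-empty string made only of
 * [a-zA-Z0-9] and at most $maxLen characters long; otherwise null.
 */
function alnum_param($raw, $maxLen = 32)
{
    // A request such as ?section[]=x delivers an array, not a string.
    if (!is_string($raw)) {
        return null;
    }
    // \A and \z anchor the whole input. Using ^...$ instead would let a
    // value with a trailing newline through, because $ matches before it.
    $pattern = '/\A[a-zA-Z0-9]{1,' . (int) $maxLen . '}\z/';
    if (preg_match($pattern, $raw) !== 1) {
        return null;
    }
    return $raw;
}

// Constructed sample inputs, standing in for values read from $_GET.
$samples = [
    'plain identifier'   => 'news2004',
    'shell separator'    => 'news;ls',
    'quote character'    => "news'x",
    'path characters'    => '../news',
    'trailing newline'   => "news\n",
    'empty string'       => '',
    'array parameter'    => ['news'],
    'over length limit'  => str_repeat('a', 33),
];

foreach ($samples as $label => $value) {
    $checked = alnum_param($value);
    printf("%-18s %s\n", $label, $checked === null ? 'rejected' : 'accepted');
}
```

Only the first sample is accepted; a script would stop with an error on `null` instead of passing the value on to the database or a shell.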




This full static mirror of the Run Up to Date Linux Everywhere Project mailing list, originally hosted at http://lists.hellug.gr/mailman/listinfo/rule-list, is kept online by Free Software popularizer, researcher and trainer Marco Fioretti.