Re: [Cctools-cchost] Open Font Library

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

> This is a contradiction - either you allow *any* file (some hacking
> required, I think), or you specify which files you allow and fill out
> the Psuedo Verifier (from 'Global Settings') with how you want them
> verified. (no coding required)
>
Yes, I suppose it is a contradiction.

Right now I am thinking of implementing a blacklist and muck with some  
apache settings to disallow the execution of files on the server. If  
the files are not disallowed by the Psuedo Verifier then it would  
allow the files to be uploaded.

I will try to get all the major security risk files blacklisted. Will  
also disable PHP & CGI where the files are being stored. I am looking  
into how to disable ASP & Cold Fusion as well. Jscript would be  
disabled with CGI.

I would have no idea how to make this work on any other server but  
apache. I have never used any other server, but the blacklist should  
work on any computer with php enabled.

>
> I can walk you through this, I'll have a skeleton code module for you
> by tomorrow evening gmt.

Great!