From: Alan in T. <Ala...@pu...> - 2005-04-03 14:12:24

Paul Lesneiwski said:

> If you want to use so much javascript, it might be nice to offer a
> non-javascript option too. At least make sure to turn the plugin off
> when $javascript_on is not set.

Agreed. Perhaps the new version can include the same functionality as it does now: click on top-line "Bookmarks" link to reach an HTML view of bookmarks and bookmarks folders. It could be a user option to toggle the javascript display of the bookmarks hierarchy with "live" folders.

> Assumes local users with accounts in /home. You can't assume this for
> all SM installations. And make sure you tell people the risks of making
> users' home dirs accessible to the web server user - very risky
> depending on what data is kept there.

It's unfortunately the way many web hosts set up their accounts. Those of us buying space on shared servers usually don't have a choice.

> I assume this is just example code, as this script also should have
> validation of user; else anyone can run it and blast things at will. :)

Yes indeed, just an example. I didn't write it, it's just to perhaps give someone a head start toward a better, more secure version.

I appreciate hearing your concerns about webserver configuration and security. If you have any tips or ideas that I can use to approach my web host, I would do so to ask if they can alter their setup to make things more secure.