Menu
▾
▴
[Nms-cgi-devel] wwwboard.pl security + headers
|
From: Olivier D. <dr...@sh...> - 2002-02-04 00:06:48
|
First, I'd like to let everyone know that I'm working on getting headings in all the scripts. There didn't seem to be any objections to the last proposed header scheme so I've taken upon its implementation. Second, I've noticed a possible security issue wwwboard.pl: -> $allow_html should be set to 0 by default (IMHO). It's currently set to 1. Which brings another one. I've noticed, in the scripts I've gone through so far, that $emulate_matts_code is set to 1 by default. Don't we want to educate users to better security and set this off by default? I mean what's the point of advertising security if we by default emulate code or features that are insecure? -Oli -- +----------------------------------------------+ | Olivier Dragon dr...@sh... | | Software Engineering II, McMaster University | +----------------------------------------------+ |
