Menu
▾
▴
Re: [Nms-cgi-devel] wwwboard.pl security + headers
|
From: Joseph F. R. <rya...@os...> - 2002-02-04 02:17:48
|
Because the goal of the project was to create drop-in replacements for people using Matt Wright's Scripts. Therefore, we need to emulate his code by default; extra features are up to the user. At 07:10 PM 2/3/2002 -0500, Olivier Dragon wrote: >First, I'd like to let everyone know that I'm working on getting >headings in all the scripts. There didn't seem to be any objections to >the last proposed header scheme so I've taken upon its implementation. > >Second, I've noticed a possible security issue wwwboard.pl: >-> $allow_html should be set to 0 by default (IMHO). It's currently set >to 1. > >Which brings another one. I've noticed, in the scripts I've gone through >so far, that $emulate_matts_code is set to 1 by default. Don't we want >to educate users to better security and set this off by default? I mean >what's the point of advertising security if we by default emulate code >or features that are insecure? > >-Oli > >-- >+----------------------------------------------+ >| Olivier Dragon dr...@sh... | >| Software Engineering II, McMaster University | >+----------------------------------------------+ > >_______________________________________________ >Nms-cgi-devel mailing list >Nms...@li... >https://lists.sourceforge.net/lists/listinfo/nms-cgi-devel |
