Re: [Phpwebsite-developers] Security Explained

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On 2 Sep 2004, at 18:00, Matthew McNaney wrote:

>> On the surface it doesn't seem like there would be a quick fix to 
>> solve this
>> issue,  but I would strongly recommend that individual users make 
>> edits to
>> certain files in order to avoid or limit defacement.
>
> Another easy "fix" is to remove the <img> tag from your allow_tags
> setting in textSettings.php

Slightly limiting perhaps. ;-)

How about getting that two level textSettings hack Eloi? did in to the 
code asap so that at least admins can use the full complement of tags 
and we can lock out all html tags from normal users leaving them just 
with BBCode? That would solve a great many of these types of security 
issues.

Shaun
aegis design - http://www.aegisdesign.co.uk