From: Matthew M. <ma...@tu...> - 2005-04-25 18:47:38
Greetings,

There have been several complaints about Documents having problems with the recent security measures. As you may (or not) know, phpWebSite parses all uploaded files for specific phrases. If it sees those phrases, it won't allow the file to be written to the system.

Normally, this works pretty well. However, some of the phrases catch words in the document. "dl(" is a frequent sticky wicket.

There are two other backup measures added to the parser. First, we removed the ability for anonymous users to upload documents in announcements and calendar. Second, phpWebSite checks the file extension and prohibits executable files from being written.

My question: is this sufficient? I have turned the security parser to FALSE (i.e. off) in CVS to try and prevent these problems. I would like some feedback as to whether this will make phpWebSite insecure.

Thanks,
Matt

--
Matthew McNaney
Electronic Student Services
Appalachian State University
http://phpwebsite.appstate.edu
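Added example, not part of the original message and not phpWebSite's own code: a sketch of the two checks the message describes, showing how a substring phrase scan rejects ordinary document text containing "dl(" while the extension check looks only at the file name. The function names, the phrase list beyond "dl(", the extension list, and the sample uploads are all assumptions constructed for illustration.

```php
<?php
// Added example; all names and lists here are hypothetical, not phpWebSite's.

// Phrase scan as the message describes it: reject the upload if any listed
// phrase appears anywhere in the file content. Only "dl(" comes from the page.
const BLOCKED_PHRASES = ['dl(', 'system('];

function phraseScanRejects(string $content): ?string
{
    foreach (BLOCKED_PHRASES as $phrase) {
        if (stripos($content, $phrase) !== false) {
            return $phrase;            // phrase that triggered the rejection
        }
    }
    return null;                       // nothing matched
}

// Extension check: reject names carrying an executable extension. Every
// dot-separated segment after the base name is tested (an assumption of this
// sketch), because some web server configurations act on inner extensions.
const EXECUTABLE_EXTENSIONS = ['php', 'php3', 'phtml', 'pl', 'cgi', 'exe', 'sh'];

function extensionCheckRejects(string $filename): ?string
{
    $parts = explode('.', strtolower(basename($filename)));
    array_shift($parts);               // drop the base name
    foreach ($parts as $ext) {
        if (in_array($ext, EXECUTABLE_EXTENSIONS, true)) {
            return $ext;
        }
    }
    return null;
}

// Constructed sample uploads: [file name, content].
$samples = [
    ['minutes.doc',  'Budget table: see column dl(3) and cell(4).'],
    ['notes.txt',    'Plain meeting notes.'],
    ['page.php',     'Plain meeting notes.'],
    ['page.php.txt', 'Plain meeting notes.'],
];

foreach ($samples as [$name, $content]) {
    $phrase = phraseScanRejects($content);
    $ext    = extensionCheckRejects($name);
    printf("%-13s phrase=%-4s extension=%s\n", $name, $phrase ?? 'ok', $ext ?? 'ok');
}
```

With these samples the phrase scan rejects only `minutes.doc`, an ordinary document, while the extension check rejects `page.php` and `page.php.txt` regardless of their content.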