Re: [Phpwebsite-developers] Security Question

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

On Mon, 2005-04-25 at 11:41, Matthew McNaney wrote:
> There are two other backup measures added to the parser. First, we
> removed the ability for anonymous users to upload documents in
> announcements and calendar. Second, phpWebSite checks the file extension
> and prohibits executable files from being written.

Matt,
I'm no security expert, but I think uploads should be disabled by
default. Then use fine grained permissions to allow uploads for specific
users.

-- 
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: leaf, phpwebsite, phpwebsite-comm, sitedocs