[geeklog-devel] Hmm ...
Mark Howard
mark at the-howards.net
Wed Jun 25 17:00:02 EDT 2008
Playing devil's advocate - not picking on you - but - isn't that what we
ended up doing with the use of HTML style directives in story content?
:^)
I think we owe it to the general population to leave advanced features
disabled that we know only about 5% of them will use, as long as those
advanced features present some sort of security issue.
Clearly the protocol is not as robust as it needs to be otherwise they
wouldn't be worried about it. This would seem to be an effective way to
generate nicely-formatted SPAM, or worse - a way to inject what might look
like authentic content into a site for phishing or other nefarious purposes.
How secure is the authentication scheme? Is it as secure as what GL core
code provides for in the core code itself? If so, perhaps a non-issue, but
disabling generally-unused features by default is a common security practice
- it doesn't have to be about a statement that it is extraordinarily
dangerous.
As you have said - I like WP a lot as well, use it myself, have a lot of
friends that use it, etc etc. I was not picking on them, but I tend to be
cynical about some of these things - I have to read them every day and
evaluate them, and I feel like I might be turning into Robert Langdon,
seeing patterns in everything ... :^)
-m
-----Original Message-----
From: geeklog-devel-bounces at lists.geeklog.net
[mailto:geeklog-devel-bounces at lists.geeklog.net] On Behalf Of Dirk Haun
Sent: Wednesday, June 25, 2008 2:42 PM
To: geeklog-devel
Subject: Re: [geeklog-devel] Hmm ...
...
The other is that disabling something
after it was enabled by default previously sends a message to those that
want to use it - namely, that it's probably not a good idea to enable it.
More information about the geeklog-devel
mailing list