On 07/03/12 00:04, Adam Jon Richardson wrote:
> It would be the responsibility of the framework or CMS or application
> to protect against this type of attack (which they do quite well.)
> When you can force a plugin to work through your API, you can take
> appropriate measures. When the plugin can avoid working through, say,
> a file API that protects against misuse by using the internal file
> functions, this is a much more difficult issue to mitigate.

The key point is precisely, how do you ensure they can only call your API?

-- 
PHP Internals - PHP Runtime Development Mailing List
To unsubscribe, visit: http://www.php.net/unsub.php