Good morning,
On 19/3/08 at 8:29 AM -0700, Jonathan Schwartz
<[EMAIL PROTECTED]> wrote:
I am trying out WYSIWYGEZ, from the folks at WYSIWYGPro.com.
It does work, but there's a concern. In order to edit the
files, permissions for each file must be set at full permissions.
What is the security impact of doing this? (please don't beat me up).
Unless you own that box and you are the only user; it's like
putting a sign in front of your house telling everyone to come
inside and do whatever they like. And even if you are the only
user, it's still not safe since a *simple* security exploit can
take advantage of that. IOW, don't do it unless you want other
people to control your web site.
To be honest, I can't believe they even bother writing software
that requires completely open permissions for it to be useful.
It's almost criminal.
Charlie
--
Charlie Garrison <[EMAIL PROTECTED]>
PO Box 141, Windsor, NSW 2756, Australia
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org
http://www.ietf.org/rfc/rfc1855.txt
--
------------------------------------------------------------------
Have a feature request? Not sure the software's working correctly?
If so, please send mail to <[EMAIL PROTECTED]>, not to the list.
List FAQ: <http://www.barebones.com/support/lists/bbedit_talk.shtml>
List archives: <http://www.listsearch.com/BBEditTalk.lasso>
To unsubscribe, send mail to: <[EMAIL PROTECTED]>
