I'm not totally opposed to the idea but there are some security risks to be
considered.

One of Roller's biggest vulnerabilities is that users are trusted to
publish any type of content, and this includes JavaScript, which can be used
to make cross-site scripting and request forgery attacks. You really have
to trust your bloggers because the system does not sanitize user input
(except for blog comments). Even if we delete the data every day, bad actors
could use the system to make these sorts of attacks. We could disable
custom themes, but folks could still publish malicious code in blog posts.

How is that handled for Kibble and OFBiz, do they sanitize all user input?

Dave


On Mon, Aug 19, 2019 at 9:30 AM Aditya Sharma <adityasha...@apache.org>
wrote:

> Indeed.
>
> +1
>
> Thanks and Regards,
> Aditya Sharma
>
> On Sat, 17 Aug 2019 at 18:41, Swapnil M Mane <swapnilmm...@apache.org>
> wrote:
>
> > Hi team,
> >
> > New adopters and users are generally looking for a demo instance of
> > any software to evaluate it.
> > This brings me a thought: we should have a demo instance for Roller.
> >
> > Other Apache projects have also set up demo instances for their
> > projects, like
> > Apache Kibble - https://demo.kibble.apache.org/
> > Apache OFBiz - https://demo-trunk.ofbiz.apache.org/ecommerce/control/main
> >
> > The demo instance will be redeployed every day with fresh data and the
> > latest codebase (we may set up instances for old releases, but it is not
> > the priority; we can do it later).
> >
> > We can request the infra team to set up the demo instance at
> > https://demo.roller.apache.org/
> >
> > Thoughts?
> > Please let me know if I missed any existing demo instance.
> >
> > Best regards,
> > Swapnil M Mane,
> > www.apache.org
> >
>
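Dave's point is that Roller renders whatever HTML a blogger publishes, so a public demo instance would let anyone serve script to every visitor. The example below is added here to show what "sanitizing user input" means for post content; it is not Roller's code and not part of the original thread. It is an allow-list sanitizer: every element and attribute is discarded unless explicitly permitted, so `<script>`, `on*` event handlers and `javascript:` links cannot survive, while ordinary formatting does. The tag and attribute lists are assumptions chosen for the example; a real deployment on Roller's Java stack would use a maintained library such as the OWASP Java HTML Sanitizer with a policy the project agrees on, rather than a hand-rolled parser.

```python
"""Allow-list HTML sanitizer for user-published blog content (added example).

Not Roller's code. Every tag and attribute is dropped unless it is explicitly
allowed, so active content never reaches the rendered page. The allow-list is
an assumption chosen for this example.
"""
from html import escape
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed policy: formatting/structural elements only, links with safe schemes.
ALLOWED_TAGS = {"p", "br", "a", "b", "i", "em", "strong", "ul", "ol", "li",
                "blockquote", "pre", "code", "h1", "h2", "h3"}
ALLOWED_ATTRS = {"a": {"href", "title"}}   # no style=, no on* handlers anywhere
VOID_TAGS = {"br"}
SAFE_SCHEMES = {"http", "https", "mailto"}
# Elements whose *content* must be discarded too, not just the tag itself.
DROP_CONTENT_TAGS = {"script", "style", "iframe", "object", "embed"}


def safe_url(value):
    """True for relative URLs and http/https/mailto; rejects javascript:, data:, etc.

    Whitespace and control characters are stripped before the scheme check
    because browsers ignore them when parsing a scheme ("java\\tscript:" runs).
    """
    if value is None:
        return False
    cleaned = "".join(ch for ch in value if not ch.isspace() and ord(ch) >= 32)
    scheme = urlparse(cleaned).scheme.lower()
    return scheme == "" or scheme in SAFE_SCHEMES


class AllowListSanitizer(HTMLParser):
    """Rebuilds the document from the parsed stream, emitting only allowed parts."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0   # > 0 while inside a DROP_CONTENT_TAGS element

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return                     # unknown tag dropped; its text is kept
        kept = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue               # drops onclick=, onerror=, style=, ...
            if name == "href" and not safe_url(value):
                continue               # drops javascript:/data: links, keeps <a>
            kept.append(' %s="%s"' % (name, escape(value or "", quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(kept)))

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth -= 1
            return
        if tag in ALLOWED_TAGS and tag not in VOID_TAGS:
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(escape(data, quote=False))   # text is re-escaped

    # Comments, doctype and processing instructions hit the no-op defaults
    # of HTMLParser and are therefore dropped from the output.


def sanitize(html):
    parser = AllowListSanitizer()
    parser.feed(html)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    # Constructed sample post mixing legitimate markup with the kinds of
    # active content the thread is worried about.
    sample = ('<p>Hello <b>world</b></p>'
              '<script>alert(1)</script>'
              '<a href="javascript:alert(1)" onclick="alert(1)">click</a>'
              '<img src="x" onerror="alert(1)">'
              '<a href="https://example.org/">ok</a>')
    print(sanitize(sample))
    # -> <p>Hello <b>world</b></p><a>click</a><a href="https://example.org/">ok</a>
```

The allow-list direction matters more than the specific lists: a deny-list that strips `<script>` still lets `<img onerror>` or `<a href="javascript:">` through, whereas here anything not named is gone by default. Note that this filter only controls what a blogger can publish; it does nothing about a theme that ships its own JavaScript, which is why the message also raises disabling custom themes.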
