Sounds to me like a better permission system, written in PHP with a
database backend would do the job? All files have to go through
index.php, right? I guess the hole is in the execution of the uploaded
php files, huh? THEY have lots of access, locally, just include them
from your file and read them. HMMMMMM.
Matthias Englert wrote:
>
> > Is there a comparison chart, like the barebones HTML
> > doc I have quoted below, comparing Regular/Lite, Regular/LessFilling,
> > Midgard?
>
> I don't think so...
>
> Don't forget that there is a security problem in midgard-lite. Everyone
> who has write access can get the mysql login/password.
>
> I have thought a lot about this. The problem is that you can get so much
> information in PHP. You can get a list of classes, of functions, of
> class variables... you can hide nothing. I have only one idea left but
> this one is not thought out. So it could be complete crap:
>
> We have public functions and private functions. Every private function
> needs a key as parameter if you call (if the key is wrong we sleep for
> some time or call exit).
>
> //private function
> function test($key, $other, $params) {
>
>     /* KEY-BEGIN */ $int_key = "this would be generated by installation and maybe periodically"; /* KEY-END */
>
>     if ($key != $int_key)
>         exit;
> }
>
> //public function
> function mgd_test_func($params) {
>
>     /* KEY-BEGIN */ $int_key = "this would be generated by installation and maybe periodically"; /* KEY-END */
>
>     test($int_key, "some stuff", "goes here");
>
> }
>
> Any thoughts?
>
> Of course it would be some work to change midgard-lite this way. But
> now, Dennis, you are there... ;-)
>
> Matthias
> ps: Some of the update / create / move functions and some of the more
> "special" functions are not implemented yet.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
--
If You want to buy computer parts, see the reviews at:
http://www.cnet.com/
**OR EVEN BETTER COMPILATIONS**!!
http://sysopt.earthweb.com/userreviews/products/
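
The following is an added example, not part of the original messages and not Midgard-Lite code. It shows why the KEY-BEGIN/KEY-END guard quoted above does not separate "private" functions from code stored by a user with write access, which is the point the reply makes about reading the files locally. The file name, key value and function names are constructed for the demo.

```php
<?php
// Added illustration (not Midgard-Lite code). File name, key value and the
// function names below are constructed for this demo.

// 1. A library file written the way the proposal describes: the installer
//    stamps the same key into every function between KEY-BEGIN/KEY-END.
$lib = sys_get_temp_dir() . '/keyed_lib_demo.php';
file_put_contents($lib, <<<'PHP'
<?php
// "private" function: refuses to run without the installation key
function demo_private($key, $what) {
    /* KEY-BEGIN */ $int_key = "constructed-demo-key-1234"; /* KEY-END */
    if ($key !== $int_key) {
        return false;               // the proposal would sleep or exit here
    }
    return "private work done: $what";
}
PHP
);
require $lib;

// 2. Code stored by a user with write access runs in the same PHP process,
//    under the same OS account, so it can read the library source as text.
function key_visible_to_user_code($path) {
    $src = file_get_contents($path);
    if ($src === false) {
        return null;                // source not readable by this process
    }
    $re = '~/\* KEY-BEGIN \*/\s*\$int_key\s*=\s*"([^"]*)";\s*/\* KEY-END \*/~';
    return preg_match($re, $src, $m) ? $m[1] : null;
}

$seen = key_visible_to_user_code($lib);

// 3. Once the key is readable, the guard treats both callers the same.
var_dump(demo_private('wrong guess', 'x'));
var_dump(demo_private($seen, 'x'));

unlink($lib);
```

The same reasoning applies to the MySQL login/password mentioned in the thread: whatever the PHP process itself can read, code stored by a writer and executed in that process can read too.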