SitePoint Sponsor

User Tag List

Results 1 to 3 of 3

Thread: Smarty Security

  1. Jul 3, 2007 23:04 #1
    brent5392
    brent5392 is offline
    SitePoint Guru brent5392's Avatar
    Join Date
    Dec 2005
    Location
    Australia
    Posts
    636
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Smarty Security

    I am soon about to begin developing an application where users can upload their own template files, which will be parsed by the smarty engine. They will have access to set variables. Before the template is actually used, it will be scanned to check that it contains no javascript and no links to include javascript.

    What other security issues are there that I should worry about? Is this not a good idea? Could this produce a large security hole?
    PHP | MySQL | (X)HTML | CSS
  2. Jul 4, 2007 01:54 #2
    earl-grey
    earl-grey is offline
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Security is one of its main points, so designers should be able to do only what they are supposed to.

    There has been a bug, which allowed execution of arbitrary PHP code, a while ago so always check for updates.
    My weblog
  3. Jul 4, 2007 02:05 #3
    brent5392
    brent5392 is offline
    SitePoint Guru brent5392's Avatar
    Join Date
    Dec 2005
    Location
    Australia
    Posts
    636
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, most definitely. If im going to use someone elses code, ill definitely make sure ill use the most upto date available.
    Edit:

    Especially if everyone has access to it...
    PHP | MySQL | (X)HTML | CSS
« Previous Thread | Next Thread »

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules