Thread: Smarty Security

  1. #1
    SitePoint Guru brent5392's Avatar
    Join Date
    Dec 2005
    Location
    Australia
    Posts
    636

    Smarty Security

    I am about to begin developing an application where users can upload their own template files, which will be parsed by the Smarty engine. They will have access to set variables. Before the template is actually used, it will be scanned to check that it contains no JavaScript and no links to include JavaScript.

    What other security issues are there that I should worry about? Is this not a good idea? Could this produce a large security hole?
    PHP | MySQL | (X)HTML | CSS

  2. #2
    An average geek earl-grey's Avatar
    Join Date
    Mar 2005
    Location
    Ukraine
    Posts
    1,403
    Security is one of its main points, so designers should be able to do only what they are supposed to.

    There was a bug a while ago that allowed execution of arbitrary PHP code, so always check for updates.

  3. #3
    SitePoint Guru brent5392's Avatar
    Join Date
    Dec 2005
    Location
    Australia
    Posts
    636
    Yes, most definitely. If I'm going to use someone else's code, I'll definitely make sure I'll use the most up-to-date available.
    Edit:

    Especially if everyone has access to it...
    PHP | MySQL | (X)HTML | CSS
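
Added example, not from the thread: one way to turn on the template security feature mentioned in reply #2 before rendering user-uploaded templates. It assumes Smarty 3.1 or 4.x installed through Composer (Smarty 2 and 5 configure this differently); the directory path and the `buildSandboxedSmarty` and `renderUntrusted` helpers are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example. Assumes Smarty 3.1/4.x via Composer; names and paths are hypothetical.
require __DIR__ . '/vendor/autoload.php';

function buildSandboxedSmarty(string $templateDir, string $compileDir): Smarty
{
    $smarty = new Smarty();
    $smarty->setTemplateDir($templateDir);
    $smarty->setCompileDir($compileDir);
    $smarty->escape_html = true;          // HTML-escape every {$var} on output

    $policy = new Smarty_Security($smarty);
    // For these four settings null means "none allowed"; an empty array
    // would allow everything, so do not use [] here.
    $policy->php_functions       = null;  // also blocks isset/empty/count; list them if needed
    $policy->php_modifiers       = null;
    $policy->static_classes      = null;
    $policy->streams             = null;
    $policy->allow_constants     = false; // no PHP constants in templates
    $policy->allow_super_globals = false; // no $smarty.get, $smarty.cookies, ...
    $policy->disabled_tags       = ['fetch', 'eval'];
    $smarty->enableSecurity($policy);

    return $smarty;
}

function renderUntrusted(Smarty $smarty, string $source, array $vars): string
{
    $smarty->assign($vars);
    try {
        return $smarty->fetch('string:' . $source);
    } catch (SmartyException $e) {
        // Policy violations surface as compile-time exceptions.
        return 'rejected: ' . $e->getMessage();
    }
}

$smarty = buildSandboxedSmarty('/var/app/user_templates', sys_get_temp_dir());

// Constructed input 1: a user-set variable that carries markup.
echo renderUntrusted($smarty, 'Hello {$name}', ['name' => '<b>x</b>']), "\n";

// Constructed input 2: a template that calls a PHP function.
echo renderUntrusted($smarty, '{phpversion()}', []), "\n";
```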

