[pmwiki-users] question about pmwiki security
Dimitrij Krepis
krepis at udel.edu
Thu Apr 28 16:34:15 CDT 2005
Hi all,
we want to set up an information webpage based on pmwiki.
We are using an striped down version of pmwiki to disable all actions except browsing:
$HandleActions = array('browse' => 'HandleBrowse','diff' => 'HandleBrowse','crypt' => 'HandleBrowse','login' => 'HandleBrowse','upload' => 'HandleBrowse'); (in pmwiki.php)
We are also using the userauth script for authentication.
Are there any security faults known, which may lead to direct access to the servers filesystem through pmwiki? Is it possible to submit page changes without authentification ?
Any obvious problems existent ?
Thanks for your time.
Sincerely, Dimitrij Krepis.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: /pipermail/pmwiki-users/attachments/20050428/80f26a9d/attachment.html
More information about the pmwiki-users
mailing list