|
Smarty
WARNING: All discussion is moving to https://reddit.com/r/smarty, please go there! This forum will be closing soon. |
|
View previous topic :: View next topic |
Author |
Message |
mastab0323 Smarty Rookie
Joined: 01 Jul 2005 Posts: 27
|
Posted: Sat Jul 02, 2005 12:49 am Post subject: {php} not secure? |
|
|
I have a centralized CMS software where a client can login and manage their content, including altering their website templates and creating their own styles for this CMS software. They do not have access to any of the php code, but only the software, and we allow them to style the software as they please using the smarty template engine, and the smarty template files are placed into their own personal directory and loaded once they log in. I dont want them to have the ability to alter any of the files or php code.
Couldnt they do this
{php}
`rm index.php`
{/php}
or something along those lines?
How do I keep them from doing this and keep my code and my files secure?
Thanks for your help. |
|
Back to top |
|
boots Administrator
Joined: 16 Apr 2003 Posts: 5611 Location: Toronto, Canada
|
Posted: Sat Jul 02, 2005 12:57 am Post subject: |
|
|
Quote: | How do I keep them from doing this and keep my code and my files secure? |
A: By enabling security mode. See: http://smarty.php.net/manual/en/variable.security.php
There are certain implications to turning it on and there are also several switches which you can use to achieve various levels of granularity. It is covered in the manual, but of course, do ask if you have difficulties. |
|
Back to top |
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
Powered by phpBB © 2001, 2005 phpBB Group
|