[SAC] LDAP in Drupal
Tyler Mitchell (OSGeo)
tmitchell at osgeo.org
Wed Dec 19 15:26:35 EST 2007
On 19-Dec-07, at 12:20 PM, Wolf Bergenheim wrote:
> On 19.12.2007 21:59, Frank Warmerdam wrote:
>
>>
>> I think this is great news (despite some early concern). As
>> discussed
>> in IRC I think we need to be careful who has PHP editing
>> permission in
>> Drupal since that is a backdoor to querying the database and/or doing
>> other unpriveledged operations on the server.
>>
>
> Agreed. Inline PHP scripting should be handled with care.
I just changed it and made sure that only Drupal admins can use PHP
code anywhere in page content. The service provider directory is the
only place where it has been previously used, and that should all
work fine now.
More information about the Sac
mailing list