[SAC] LDAP in Drupal

Tyler Mitchell (OSGeo) tmitchell at osgeo.org
Wed Dec 19 15:26:35 EST 2007

On 19-Dec-07, at 12:20 PM, Wolf Bergenheim wrote:

> On 19.12.2007 21:59, Frank Warmerdam wrote:
>> I think this is great news (despite some early concern).  As  
>> discussed
>> in IRC I think we need to be careful who has PHP editing  
>> permission in
>> Drupal since that is a backdoor to querying the database and/or doing
>> other unpriveledged operations on the server.
> Agreed. Inline PHP scripting should be handled with care.

I just changed it and made sure that only Drupal admins can use PHP  
code anywhere in page content.  The service provider directory is the  
only place where it has been previously used, and that should all  
work fine now.

More information about the Sac mailing list