Your Ad Here

Process Tags security update

6 Aug 2002

If you use the Process Tags plugin and you have multiple authors on your blog, it would be a good idea to remember that the plugin allows any author to insert Movable Type tags into their entries. This could potentially lead to bad things happening, especially if you use the SQL or PerlScript plugins. Please use common sense when using this (or any other) plugin.

Paul Winkeler
July 18, 2003 9:57 AM

Hi Guys

Can we not think of some kind of restrictions to impose on the evaluation of tags inside entry contexts? Perhaps only entries authored by the “owner” of the blog can have this feature activated by careful crafting of the template?

Any other ideas to manage this risk would be greatly appreciated.

PaulW


Your comments:

Text only, no HTML. URLs will automatically be converted to links. Your email address is required, but it will not be displayed on the site.

Name:

Email: (not displayed)

If you don't feel comfortable giving me your real email address, don't expect me to feel comfortable publishing your comment.

Website (optional):

Lijit Search

Best Of

  • Embrace the medium The Web is different than print, television, or any other medium. To be successful, designers must embrace those differences.
  • Best of Newly Digital There have been dozens of Newly Digital entries from all over the world. Here are some of the best.
  • Let it go Netscape 4 is six years old.
  • Pitching Bloggers Forget what you learned in your PR classes. Start acting like a human instead of a marketer, and the humans behind the blogs will respond.
  • California State Fair The California State Fair lets you buy tickets in advance from their Web site. That's good. But the site is a horror house of usability problems.
  • More of the best »

Recently Read

Get More

Subscribe | Archives

Recently

Cloud Reliability (Aug 12)
Would you like to take bets as to whether Amazon or Google have better reliability and safety than your local network service providers?
George Carlin (Jun 22)
"I'm always relieved when someone is delivering a eulogy and I realize I'm listening to it."
Business lessons from the Kitchen (Jun 9)
The Gordon Ramsay School of Business
Under The Radar twittering (Jun 3)
My live stream from Under the Radar
Measuring a CEO's mind (May 29)
Not everything that's important can be measured. Not everything that can be measured is important.
Golden 1: breaking customer expectations (May 25)
Take a potential new user and give them a poor signup experience, then call them a liar.
Sprout Test (May 7)
A test post for Sprout widgets.

Subscribe to this site's feed.

Elsewhere

Feed Crier
Get alerted by IM when your favorite web sites and feeds are updated.
SacStarts
The Sacramento technology startup community.
Pinewood Freak
Pinewood Derby tips and tricks
Del.icio.us
My tagstream at del.icio.us.
Waddlespot
My son's Club Penguin community. News, blogs, tips, and tricks.

Contact

Adam Kalsey

Mobile: 916.600.2497

Email: adam AT kalsey.com

AIM or Skype: akalsey

Resume

PGP Key

©1999-2008 Adam Kalsey.
Content management by Movable Type.