Need someone to lead product management at your software company? I create software for people that create software and I'm looking for my next opportunity. Check out my resume and get in touch.

Process Tags security update

Freshness Warning
This blog post is over 21 years old. It's possible that the information you read below isn't current and the links no longer work.

6 Aug 2002

If you use the Process Tags plugin and you have multiple authors on your blog, it would be a good idea to remember that the plugin allows any author to insert Movable Type tags into their entries. This could potentially lead to bad things happening, especially if you use the SQL or PerlScript plugins. Please use common sense when using this (or any other) plugin.

Paul Winkeler
July 18, 2003 9:57 AM

Hi Guys Can we not think of some kind of restrictions to impose on the evaluation of tags inside entry contexts? Perhaps only entries authored by the "owner" of the blog can have this feature activated by careful crafting of the template? Any other ideas to manage this risk would be greatly appreciated. PaulW

This discussion has been closed.

Recently Written

Too Big To Fail (Apr 9): When a company piles resources on a new product idea, it doesn't have room to fail. That keeps it from succeeding.
Go small (Apr 4): The strengths of a large organization are the opposite of what makes innovation work. Starting something new requires that you start with a small team.
Start with a Belief (Apr 1): You can't use data to build products unless you start with a hypothesis.
Mastery doesn’t come from perfect planning (Dec 21): In a ceramics class, one group focused on a single perfect dish, while another made many with no quality focus. The result? A lesson in the value of practice over perfection.
The Dark Side of Input Metrics (Nov 27): Using input metrics in the wrong way can cause unexpected behaviors, stifled creativity, and micromanagement.
Reframe How You Think About Users of your Internal Platform (Nov 13): Changing from "Customers" to "Partners" will give you a better perspective on internal product development.
Measuring Feature success (Oct 17): You're building features to solve problems. If you don't know what success looks like, how did you decide on that feature at all?
How I use OKRs (Oct 13): A description of how I use OKRs to guide a team, written so I can send to future teams.