Hello, > I am afraid that I exposed a problem which, though real (and possibly severe), cannot be easily solved. > So, while there are other priorities, it is maybe better to forget it. > > Luigi
this is the approach that I personally rather try to avoid. The thing is that sites/ open source projects DO get hacked (see for example www.squirrelmail.org, read from bottom), and therefore it is good to come to a sensible compromise. Some attack awareness is better than no protection at all. It is clear on the other hand that hassle is to be avoided as well, and therefore, to cut a long story short, I have put up at http://www.sigproc.de/XXXcookbookuploadsnotify.txt (remove the XXX) what I have in mind - ideally only to be audited, installed and forgotten. It is pretty much quick and dirty, but we know it has to be installed on the one host only. The whole issue is clearly one of the few cases where one should not talk too much - some silence actually adds here to the security. I hope this seed can somehow fall on fruitful ground. (After my latest experiences my desire has grown to rather have a secure wiki, even if the necessary measures can be deployed only gradually.) ThomasP BTW: There is a NotifyOnUpload recipe, it is just that it is even more and probably _too_ much workaround style. _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users