diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-08-02 01:31:39 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2006-08-02 01:31:39 +0000 |
| commit | 2c0b310cc208b08fded4fe7e80cc3efbc4112c56 (patch) | |
| tree | f13aacfb32a7676392f80eb1659e8e0662507e54 /doc | |
| parent | 9db405f76a87c245b44e5be66a1dd879a246367f (diff) | |
| download | ikiwiki-2c0b310cc208b08fded4fe7e80cc3efbc4112c56.tar ikiwiki-2c0b310cc208b08fded4fe7e80cc3efbc4112c56.tar.gz | |
releasing version 1.13
Diffstat (limited to 'doc')
| -rw-r--r-- | doc/security.mdwn | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/doc/security.mdwn b/doc/security.mdwn index 4db756e2e..b3b5b6f3e 100644 --- a/doc/security.mdwn +++ b/doc/security.mdwn @@ -91,6 +91,10 @@ _(AKA, the assumptions that will be the root of most security holes...)_ Someone could add bad content to the wiki and hope to exploit ikiwiki. Note that ikiwiki runs with perl taint checks on, so this is unlikely. +One fun thing in ikiwiki is its handling of a PageSpec, which involves +translating it into perl and running the perl. Of course, this is done +*very* carefully to guard against injecting arbitrary perl code. + ## publishing cgi scripts ikiwiki does not allow cgi scripts to be published as part of the wiki. Or |