[Moin-user] Attachments
Nir Soffer
nirs at actcom.net.il
Tue Aug 16 12:58:04 EDT 2005
On 16 Aug, 2005, at 22:44, Kenneth McDonald wrote:
> Note that we plan to remove that option in 1.4. Because of that and
> the security problems noted below, we do not recommend that option.
>
> ------------
>
> Is this really true--attachments in MoinMoin are going away?
No they are not.
There are two option to serve attachments in MoinMoin:
1. Serve attachment by MoinMoin script
2. Serve with the web server
In the first option, when you want to view or download an attachment,
moin read the file and send the data to the client.
In the second option, attachments are served by the web server from a
special directory. This is faster then the first method, but might be a
security problem if your server is not configured properly.
For example, if your server is configured to run files with .php
extension as php scripts from any directory, a cracker can upload an
evil php script to a moin page, and then run that code by "viewing" the
attachment.
The second option will be remove in the future.
Best Regards,
Nir Soffer
More information about the Moin-user
mailing list