Fullscreen
[Show/Hide Right Column]

Print
English

Plugin Security


By default, Wiki Syntax is designed to be safer than HTML. If we let users just use any HTML & Javascript (which is , some could do nasty things like XSS

Thus, when a plugin is potentially insecure, it must be approved by someone with appropriate permissions.

Image


The permissions involved are:

Permission Description
tiki_p_plugin_approve Can approve plugin execution
tiki_p_plugin_preview Can execute unapproved plugin
tiki_p_plugin_viewdetail Can view unapproved plugin details



Plugin Approval

Starting in Tiki 3, the usage of potentially dangerous plugins needs to be validated in a case by case basis. An admin can do that through tiki-plugins.php.

Image


Then, if you go to one of those pages listed in the previous list, you'll find a box with the option to see the details to that plugin usage. Users with the required permissions will be able to preview and validate or reject them.


Plugin Manager

Plugins can be enabled or disabled on a sitewide basis by an admin. So if you don't need it, turn it off.

Image




Alias


Contributors to this page: luciash d' being2160 points  and Marc Laporte9138 points  .
Page last modified on Thursday 03 March, 2011 15:21:06 UTC by luciash d' being2160 points .
The content on this page is licensed under the terms of the Creative Commons Attribution-ShareAlike License.

SourceHistorySlideshow

Site Language

Reference Guide

Keywords

These keywords serve as "hubs" for navigation within the Tiki documentation. They correspond to development keywords (bug reports and feature requests):



Tiki Newsletter

Delivered fresh to your email inbox!
Newsletter subscribe icon
Don't miss major announcements and other news!
Contribute to Tiki

Show php error messages
 
PHP (5.3.5-1ubuntu7.8) ERROR (E_WARNING):
File: lib/images/abstract.php
Line: 231
Type: getimagesize(dl35&display) [function.getimagesize]: failed to open stream: No such file or directory