Plugin Security 

By default, Wiki Syntax is designed to be safer than HTML. If we let users just use any HTML & Javascript (which is , some could do nasty things like XSS

Thus, when a plugin is potentially insecure, it must be approved by someone with appropriate permissions.


The permissions involved are:

Permission Description
tiki_p_plugin_approve Can approve plugin execution
tiki_p_plugin_preview Can execute unapproved plugin
tiki_p_plugin_viewdetail Can view unapproved plugin details

Plugin Approval 

See Plugin Approval

Plugin Manager 

Plugins can be enabled or disabled on a sitewide basis by an admin. So if you don't need it, turn it off.



Created by: Last Modification: Thursday 24 May, 2012 10:53:27 GMT-0000 by Xavier de Pedro
List Slides
Show PHP error messages