2011-05-19, 20:06:50
mvlcek Wrote:I would be a security issue in a more complex CMS with multiple users and different rights per user, where it's not possible for the user to enter PHP code, but as soon as a user can enter PHP code by design (as a feature), any bugs in PHP code that is only accessible to him, can't be a security hole.
That was my point. I've been keeping it in mind but not telling Third version of GS allows multiusers, further there's a plugin - "Multi User" where you can create a kind of unprivileged user - site editor, for example. You think of granting him "editing", "pages" and "uploads" only, but he's gonna list or even download other files (full backups of GS, which contains hashes of passwords etc.)
Judging to mr. n00dles101 - it seems that this topic is over. Thanks everyone for interesting discussion.