woda team mailing list archive

Thread
Date

need an advice for woda.conf

To: devwoda <woda@xxxxxxxxxxxxxxxxxxx>
From: Xavier Brochard <xavier@xxxxxxxxxxxxxx>
Date: Wed, 7 Jul 2010 23:00:18 +0200
Organization: Alternatif
User-agent: KMail/1.13.3 (Linux/2.6.32-5-amd64; KDE/4.4.4; x86_64; ; )

Hi Malcolm

I've added a CHECKCGI variable in evalTrouble to enforce security checking of 
cgi databases (evalTrouble default is to work only on dd.txt databases - like 
"rent-a-db")

By mitake, I've writed two descriptions for woda.conf and I don't know which 
one to chose... Help me!
Here they are:

# enforce security and restrict user input: use evalTrouble function for all 
databases or not
# default is to only use evalTrouble with databases stored in dd.txt files 
(created through the web interface)

	$CHECKCGI = '0';

# enable/disable security check on cgi databases (default is to check only 
dd.txt databases)
# WARNING: this will reduce database functionalities!

	$CHECKCGI = '0';

bests
Xavier
xavier@xxxxxxxxxxxxxx - 09 54 06 16 26