On 2/6/2011 10:38 AM, Michael Hamann wrote:
Hi, Excerpts from Myron Turner's message of 2011-02-06 17:04:22 +0100:The 'safe" and 'non-safe' designations refer to the fnencoding safe protocol, and not to whether or not the file browser is safe. I do have an .htaccess rule in the directory where they symbolic links occur which prevents indexing. So this prevents the media directory from being viewed by http.I've read that together with the comment "fckgLiteSafe also has an enhanced file browser with greater security." - that's why I assumed there actually was a difference in security.As of this morning fckgLite was downloaded 14861 times from from 4470 Unique IP's. It is being used in all kinds of contexts, wherever Dokuwiki is used. There have not been any recent complaints about security. I did have early complaints and there was in fact a time when it wasn't "safe" in the sense that you mean it, but over the course of the year and half that it has been in development, I've worked hard to address the security concerns. In fact, access to the media directory--not the data directory itself--does have an http security flaw which I haven't figured out a way to correct, but I have made this clear in the documentation and provided ways for administrators to deal with it.My problem is not that the media directory is accessible, that can be okay, my problem is that there is no prominent place where I can read that. I've now found the information on the discussion page and some tiny bits on http://www.mturner.org/dwfck/fckgLite/doku.php?id=media#moving_files I think it would be good to include that documentation in the plugin page itself because imho most people won't read the discussion page or the whole documentation before installing the plugin.
That's a good idea, and I will do it so that the issues are right out front. -- Myron Turner http://mturner.org/ http://mturner.org/fckgLite http://www.mturner.org/dwfck/doku.php http://www.room535.org -- DokuWiki mailing list - more info at http://www.dokuwiki.org/mailinglist