[wp-hackers] Auto Update Plugins

Otto otto at ottodestruct.com
Tue Feb 17 22:44:56 GMT 2009


On Tue, Feb 17, 2009 at 3:59 PM, Doug Smith <doug at smithsrus.com> wrote:
> That may be a moot point because permissions would likely need to be set for
> a plugin data folder anyway. The uploads folder contains pictures and such
> that, by design, are to be shared with the world. However, plugin data being
> viewable by the world could have security implications. I certainly wouldn't
> want that folder readable through the Web server like the upload folder
> needs to be.

Perhaps we need to better define what this plugins-data is, exactly,
because I cannot think of a legitimate case where you'd:
a) have a plugin that needs to store files somewhere such that the
user can upload them or otherwise modify them, and
b) those files should not be world-readable over the webserver.

Can we come up with some specific use cases here before deciding how
to implement it? What is this "plugin-data"? The main case I was
thinking of was plugins that have customizable CSS files or IMG files
which affect the output of the plugin.

-Otto