[wp-hackers] multiblog/multisite musings -- comments welcome

Tara Star tellme at climbtothestars.org
Wed Aug 11 09:24:56 UTC 2004


Henning Seljenes wrote:
> The main problem I see with this is you need to have a way to deal
> with the people that take wp-config.php, for example, and add an extra
> line:
> 
> $result = mysql_query("DROP multiblogs");

thanks for the heads-up on the security issue

> There are two options to deter this kind of thing:
> 
> Remove the permission from the mysql user to drop / delete and add
> ways for a user to make a post invisible.

sounds simpler to me. or give each blog its own user that has 
permissions only on his own tables -- would that do it?

> Make all the user included files a different extension and parse them
> for permitted operations before executing them with the code.

urghl. :-) that sounds out of my league!

Steph
--
http://climbtothestars.org
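
The two database-permission approaches discussed in this message, sketched as MySQL statements. This is an added example, not part of the original post or of WordPress itself; the database name `multiblog`, the accounts `wp_shared` and `blog1`, the `blog1_` table names and the password placeholder are all assumptions.

```sql
-- Added example: every name below is hypothetical.

-- Approach 1: keep one shared account, but remove destructive privileges.
-- Assumes wp_shared received its privileges at the database level.
REVOKE DROP, DELETE ON multiblog.* FROM 'wp_shared'@'localhost';
-- With DELETE gone, hiding a post has to be done with an UPDATE.
-- Limitation: wp_shared can still UPDATE rows in every blog's tables,
-- so one blog's included code can still overwrite another blog's posts.

-- Approach 2: one account per blog, scoped to that blog's own tables.
CREATE USER 'blog1'@'localhost' IDENTIFIED BY 'REPLACE_WITH_GENERATED_PASSWORD';

-- Table-level grants take no wildcard in the table name,
-- so each of the blog's tables is listed explicitly.
GRANT SELECT, INSERT, UPDATE ON multiblog.blog1_posts    TO 'blog1'@'localhost';
GRANT SELECT, INSERT, UPDATE ON multiblog.blog1_comments TO 'blog1'@'localhost';
GRANT SELECT, INSERT, UPDATE ON multiblog.blog1_options  TO 'blog1'@'localhost';

-- Check: expect USAGE plus the three table grants above, and no
-- DROP, DELETE, ALTER or GRANT OPTION anywhere in the output.
SHOW GRANTS FOR 'blog1'@'localhost';
```

The per-blog account only isolates blogs if each blog's configuration file holds that blog's credentials alone and cannot be read by the other blogs' code.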


