Is using FCKeditor and KFM secure?
Reason for asking:
I used to use KTML editor which was really badly coded and allowed all kinds of SPAM, SPAMbots and even humans access to my web folders. (Thank GOD it was discontinued!)
Having a statement like this in your files - is it really secure?
$kfm_db_prefix = 'kfm_';
$kfm_db_host = 'localhost';
$kfm_db_name = 'db_name';
$kfm_db_username = 'user';
$kfm_db_password = 'pass';
$kfm_db_port = '';
Any help, opinions or ideas would be great!
Cheers
Re: Security? Is FCKeditor and KFM secure?
FCKeditor doesn't care about spam, sanity checks or anything like that, it's a client side widget that any attacker will bypass, you must rely on your server script to verify the data. It's just an advanced textarea, and anything that can go into a textarea is allowed in FCKeditor.
The filemanager of FCKeditor is disabled by default and in order to enable it you are strongly advised to secure the access to that script, if you take an easy route then it's your problem to fight attackers.
I guess that the snippet that you have posted is part of the configuration file for KFM, it's PHP, so as long as any visitor doesn't have access to the source code, you should be safe, at least for that file, I don't know anything about KFM. On the other side, I've seen some people announcing file managers that have the paths set up in JavaScript, so I would be really afraid to use one of those.
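The server-side verification mentioned in the reply above, as an added example that is not part of the original posts and is not FCKeditor or KFM code: a PHP allow-list filter for HTML submitted from the editor. The function names, the tag list and the link pattern are assumptions chosen for illustration.

```php
<?php
// Assumed allow-list for this example (not an FCKeditor setting): tag => permitted attributes.
const ALLOWED_TAGS = ['p' => [], 'br' => [], 'strong' => [], 'em' => [], 'ul' => [], 'ol' => [], 'li' => [], 'a' => ['href']];
const DROP_WITH_CONTENT = ['script', 'style', 'iframe', 'object', 'embed'];
const SAFE_HREF = '~^(https?://|mailto:|#|/(?!/))~i'; // http(s), mailto, fragment, site-relative path

function clean_children(DOMNode $parent): void
{
    foreach (iterator_to_array($parent->childNodes, false) as $node) {
        if ($node->nodeType === XML_TEXT_NODE) {
            continue; // plain text is escaped again by saveHTML()
        }
        $tag = strtolower($node->nodeName);
        if (!$node instanceof DOMElement || in_array($tag, DROP_WITH_CONTENT, true)) {
            $parent->removeChild($node); // comments, CDATA, script/style and their content
            continue;
        }
        clean_children($node);
        if (!array_key_exists($tag, ALLOWED_TAGS)) {
            // Unknown tag: keep its already-cleaned children, drop the element itself.
            while ($node->firstChild) {
                $parent->insertBefore($node->firstChild, $node);
            }
            $parent->removeChild($node);
            continue;
        }
        foreach (iterator_to_array($node->attributes, false) as $attr) {
            $name = strtolower($attr->name);
            $ok = in_array($name, ALLOWED_TAGS[$tag], true)
                && ($name !== 'href' || preg_match(SAFE_HREF, $attr->value) === 1);
            if (!$ok) {
                $node->removeAttributeNode($attr); // event handlers, style, unsafe link targets
            }
        }
    }
}

function sanitize_editor_html(string $html): string
{
    $doc = new DOMDocument();
    libxml_use_internal_errors(true); // tolerate malformed markup quietly
    $doc->loadHTML('<?xml encoding="UTF-8"><div>' . $html . '</div>', LIBXML_NONET);
    libxml_clear_errors();
    $root = $doc->getElementsByTagName('div')->item(0); // the wrapper added above
    clean_children($root);
    return implode('', array_map([$doc, 'saveHTML'], iterator_to_array($root->childNodes, false)));
}

// Constructed sample input, as a browser could send it regardless of the editor's toolbar.
echo sanitize_editor_html('<p onclick="x()">Hi <a href="javascript:alert(1)">link</a><script>alert(1)</script></p>'), "\n";
```

Run the filter on every submission before storing or displaying it, since the request can be crafted without the editor ever being loaded.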
Re: Security? Is FCKeditor and KFM secure?
Let me say that it's actually very neat to have an application that can do these basic but needed things.
I was afraid to use FCKeditor, I really thought it was too much to handle in one go.
After a bit of reading and figuring out what goes where, FCKeditor blew me away with its ability to allow me to create my own toolbars, etc... (notice the etc (this means that I haven't dug deeper than the surface))
Yes I am excited about the FCKeditor (Like really don't change the name, it's the name that shouldn't be changed)