6 May
2001
6 May
'01
12:48 p.m.
I've been working on "security" from a perspective of users/authors not being able to do more than what they're granted permission to do. I finally realized that there's a huge risk in a system like ours with many untrusted authors creating contnet to be viewed by trusted users. If, for example, a student makes a page as part of his homework, any commands he puts in it will be executed with the privileges of his professor when it is checked. This is a bit like getting someone to run your own script in UNIX, but vastly more likely. Any ideas for getting around this? I'm stumped. I want to be able to do this in many situations, but certainly it can be devastating in some. Thank you. --kyler