It sounds like you meant the issue to be putting PHP code into an article rather than putting PHP code in a database.
I have never worked with a Joomla site that allows numerous folks to add or alter content in articles. I understand that many Joomla sites are used by organizations where the visitors to the site are all 'members' who must log in to even see the content and that many of them can provide/delete/modify content. I'm working at the opposite end, where there is typically one superuser (me) to take care of all the administrative stuff (maintaining users, extensions, updates, backups, troubleshooting, etc.) and one or possibly two users with only enough privileges to allow them to create and manage articles in a limited number of categories.
The risk of anybody misusing some PHP code that I've tucked into an article that only I can manage (but visitors can view) seems pretty minimal. I can understand your anxiety about this in the 'general' Joomla case, but in a very much restricted Joomla environment, I don't see the risk. I don't know how typical either extreme type of Joomla site is - and while I appreciate that Joomla can be used with such a wide range of management/usage scenarios, I hope I'm not missing something important about security.
Statistics: Posted by davidascher — Thu May 30, 2024 8:48 pm