[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Saturday, 13 February 2021 14:20:31 GMT Simon Avery wrote: > > But adding files to the filesystem under ../plugins is extremely common, > even in many enterprise products. I don't think I agree with you that it's > dated, it's a common and widely used way to add bespoke content to a > framework. I think you misunderstand, I mean hackers converting server side write or file upload straight into code execution. I appreciate changing things is hard, but it is not for example difficult to envisage a WordPress variant where all the PHP is outside of the traditional webroot, separation of content types and appropriate web server permissions within the file hierarchy, all the plugins are signed, with an installation step. Lot of these issues are worked around or mitigated in professional WordPress hosting. -- The Mailing List for the Devon & Cornwall LUG https://mailman.dcglug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq