EDIT Web Revisions Sandbox 2 (Insert a Header)
Wed, 2009-01-07 21:02 — Vince Smith
We need a BOLD statement about the Sandbox and the ability of user to log in and play with it without damaging the setup. We could do this by either inserting a header (some kind of fram - but not a frame?) alerting people to this and giving them the password. Or we put something about this on the front page. Either way we need to use a hideouse colour for the text so peopl will read it. Also are there arny securty issues by alowing users to log in. Perhaps we could change the admin password. Is there any other way we could isolate the sandbox such that no one could damage any other site?
- Add new comment
- 193 reads
Security
The security risks are ones which we should consider anyway. If a user is able to damage other sites through using the login to the sandbox, then this is an issue which needs fixing for the other sites. The default permissions for the admin user do not allow for PHP code to be executed. However, they can upload files which should probably be turned off on the sandbox. I shall make some changes to the front page of the sandbox to display some information about it.