2010/7/27 Marc Delisle <marc(a)infomarc.info>fo>:
Michal Čihař a écrit :
Hi
does it make sense to include SQL validator in user settings?
First it has some dependencies (SOAP) and it really does not make sense
to allow user to enable it unless they are satisfied (he will get only
errors).
The more important is that I believe this is something what admin
should control, as it makes connection to untrusted server, which could
be easily used to some exploit if exploitable bug is found in SOAP
extension or lower functions which SOAP extension do use. Also sending
queries to third party is again something admin might don't want but
user won't see it problematic.
So I think this option could be controlled by user only once admin has
allowed it.
Indeed.
Ok, removed.
--
Piotr Przybylski