This repository has been archived by the owner on Mar 23, 2024. It is now read-only.
drfrederson has very simple security restrictions.
You can set up the public site with only HTML and assets, but the _drf/ directory is needed for changing content.
make.php has no role or user validation, so web editing is allowed for everyone; there are only a few weak protections against writing outside the source directory and against directory traversal.
Protect _drf/ against violation:
Use an .htaccess for the whole _drf/ directory. (Change the existing .htaccess to a suitable Basic access authentication.)
Use editing only on secure machines like your desktop or intranet, and publish everything without _drf/ (e.g. rsync --exclude=_drf/).
Out of the box it is possible to add executable PHP files to the source directory.
Of course, with ssh access you can do everything ;) If you need a complex role-based access control system, ask for git pull requests on the source directory.
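A pre-publish check for the two points above (publish without _drf/, and PHP files can end up in the source directory), as an added example that is not part of drfrederson. The function names and the list of PHP-like extensions are assumptions; the path passed in is assumed to be the tree about to be uploaded.

```shell
#!/bin/sh
# Added example (not drfrederson code): audit a tree before publishing it.
# Assumption: the argument is the directory about to be uploaded.

# Print every path that should not reach the public site:
#   - any directory named _drf (the unauthenticated editing backend)
#   - any file with a PHP-like extension (assumed list, adjust to your server)
# Returns 2 when the path is not a directory, otherwise find's exit status.
audit_publish_tree() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -prune stops descent into _drf, so it is reported once, not per file.
    find "$root" \( -type d -name _drf -prune -print \) -o \
        \( -type f \( -iname '*.php' -o -iname '*.phtml' -o -iname '*.phar' \) -print \)
}

# Return 0 when the tree is clean, 1 when something was found,
# 2 when the tree could not be audited at all.
check_publish_tree() {
    findings=$(audit_publish_tree "$1") || return 2
    if [ -n "$findings" ]; then
        printf 'refusing to publish, found:\n%s\n' "$findings" >&2
        return 1
    fi
    return 0
}
```

Run check_publish_tree on the staged copy after the rsync --exclude=_drf/ step and stop the upload on a non-zero status.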