Results 1 to 4 of 4
  1. #1
    Join Date
    Mar 2009
    Posts
    51
    Plugin Contributions
    0

    Default TinyMCE - is it secure?

    How secure is the tiny mce wsiwyg? Is there any thing I can do to make it more secure from being hacked?

    Version 1.3.8 latest version of tiny mce
    Zen Cart Rocks!
    thanks to all the hard workers out there

  2. #2
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: TinyMCE - is it secure?

    I can't comment on its overall security, but I do know that one important thing to do for blocking abuse is to disable any file-upload capability used by any such editor/addon.

    Perhaps others can comment on other matters related to its security.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

  3. #3
    Join Date
    Mar 2009
    Posts
    51
    Plugin Contributions
    0

    Default Re: TinyMCE - is it secure?

    You mean from the computer to the editor on the main screen/ezpage admin? That would make the editor not work to upload files from my computer or reference pics on the server?

    Or in the php file system? where you could still load pics from the computer to the server and use them on the ez pages ect?

    (referencing urls is kinda a pain)

    Thanks for the reply! =)

  4. #4
    Join Date
    Jan 2004
    Posts
    66,446
    Plugin Contributions
    81

    Default Re: TinyMCE - is it secure?

    Yes, I was referring to having the editor allow you to upload files via the editor screen while in your admin.

    It's safer to use FTP to upload your own images, and simply refer to them in the HTML you write in your pages.
    .

    Zen Cart - putting the dream of business ownership within reach of anyone!
    Donate to: DrByte directly or to the Zen Cart team as a whole

    Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
    Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.

 

 

Similar Threads

  1. v150 HTMLarea, FCKeditor, TinyMCE do not work on secure site
    By JJackman in forum All Other Contributions/Addons
    Replies: 3
    Last Post: 6 Aug 2012, 05:49 PM
  2. This page contains both secure and non-secure items?
    By doubletiger in forum General Questions
    Replies: 2
    Last Post: 11 Sep 2010, 01:16 PM
  3. Replies: 3
    Last Post: 31 May 2008, 04:03 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
disjunctive-egg