Is Smarty really secure enough to open up the template source to members
from the general public (albeit registered user, screened, identity
verified)?
My application calls for customiszble skinning. i.e. it is desirable to
allow customer sites edit their own templates. I wonder if a bad
template could badly screw up my central server?
I have the {php} tags turned off, and have the allowable php functions
in {if} tags restricted to sizeof() length() plus a few others. I am
asking presuming that I follow the security procedures outlined in
SMARTY mannual, if SMARTY itself present any inherent unacceptable risk?
Are you using SMARTY in this way? -- i.e. open it up to the public to
edit. I'd love to hear your thoughts on this.
--
Junxter Ad Network
