Hey gang,
I've been thinking about this for a few days. I find that I'll get an idea for code in my head, but not always be in a good spot (e.g. have the correct software to edit/upload new files to the webserver) to test it out. I've turned it over in my head, and I know many sites have some sort of online code editor that allows you to open up files and edit them, thus giving me a central location for code storage and editing when need be.
I know Google now has http://code.google.com that allows you to create a project, release versions, track bugs, check out code, etc. However, from what I can tell, it doesn't have any central editor that would allow me or anyone else in my situation to edit code from anywhere
My REAL question is, what kind of security issues would this raise? I don't think I'd have any problem finding, or even writing a simple file editing system on my own, however I want to make sure that only priveleged users can edit the code without raising huge security risks that could potentially mess up the whole project
Obviously, backups would be made, file "drafts" could be imposed, and final revisions would not be published without an authorized go ahead (for this code editor, at least). Regardless, there are some large security issues anytime you allow files to be remotely edited.
Thoughts?
UPDATE: Am I being too paranoid? I know paranoia and programming make a good pair, but there's obviously a point where too much paranoia is just a waste of time and can even lead to bigger problems (ie: being so engulfed in the little things one forgets to take a look at the big picture and say, forgets to make that last check at the code to make sure use CGI::Carp qw[fatalsToBrowser]; is commented out.)...
In reply to Security of website code editor? by stonecolddevin
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |