DokuWiki

security

Differences

This shows you the differences between two versions of the page.

security [2023-11-28 12:33] 95.23.114.86security [2024-02-13 09:17] (current) – undo 178.197.202.230
Line 307: Line 307:
   * If you can, review the plugin source code yourself, //before// installing it.   * If you can, review the plugin source code yourself, //before// installing it.
   * If in doubt, ask on the [[mailinglist|mailing list]].   * If in doubt, ask on the [[mailinglist|mailing list]].
-  * Plugins are installed under the DokuWiki ''lib'' directory, which is directly accessible from the outside. Review what a plugin contains and lock down access with .htaccess files as appropriate.+  * Plugins are installed under the DokuWiki ''lib'' directory, which is directly accessible from the outside. Review what a plugin contains and if access is appropriate, plugins shouldn't store sensitive info in their own directory.
   * Plugins are authored by developers not directly related to the DokuWiki project - they may be inexperienced, have malicious intent or may host the plugin source code on a server that has been compromised. Be careful whom you trust!   * Plugins are authored by developers not directly related to the DokuWiki project - they may be inexperienced, have malicious intent or may host the plugin source code on a server that has been compromised. Be careful whom you trust!
   * Review the plugin page for mentioned security warnings and upgrade the plugin when new releases become available.   * Review the plugin page for mentioned security warnings and upgrade the plugin when new releases become available.
 +  * If in doubt, let plugins be reviewed by a professional first. See [[faq:support]].
  
 See also: [[devel:security#reporting_security_issues|How to report security issues in plugins]] See also: [[devel:security#reporting_security_issues|How to report security issues in plugins]]
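
Review bot: The rewritten ''lib'' bullet no longer tells the administrator what to do when a plugin does expose something it should not. The old text ended in a concrete step ("lock down access with .htaccess files as appropriate"), while the new text ends in a requirement aimed at plugin authors ("plugins shouldn't store sensitive info in their own directory"), joined to the admin advice by a comma splice. Suggest splitting it into two sentences and keeping an admin-facing action, for example: "Review what a plugin contains and whether outside access to it is appropriate. Plugins should not store sensitive information in their own directory; if one does, restrict access to it or do not install it." Separately, the added last bullet opens with the same "If in doubt" as the mailing list bullet two items above it; placing the two next to each other, or merging them, would read better than two separated "If in doubt" entries in one list.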
security.1701171201.txt.gz · Last modified: 2023-11-28 12:33 by 95.23.114.86

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International