Title: security problem
Last modified: August 18, 2016

---

# security problem

 *  [kae](https://wordpress.org/support/users/kae/)
 * (@kae)
 * [21 years, 9 months ago](https://wordpress.org/support/topic/security-problem-1/)
 * I installed a nightly build this morning, and just got around to messing with
   it.
    One thing I’ve always had trouble with was how the wordpress templating 
   system allows code access to the blogger. For instance, on a multi-user site,
   where the user may be relatively anonymous, it’s not advisable to allow the user
   to put, say `<?php include('/etc/passwd');include('/etc/shadow'); ?>` into their
   template. While most systems do run Apache under a `httpd` user, there may be
   some people out there running it under `root`, allowing this to be exploited.
   Besides, this may be used to do other stuff – such as maybe: `<?=htmlspecialchars(
   join('',file('wp-config.php')));?>` That, on my own system, outputs the database
   username and password to the screen… Don’t know if that’s even something to worry
   about, but definitely something to think about. Kae

Viewing 1 replies (of 1 total)

 *  [NuclearMoose](https://wordpress.org/support/users/nuclearmoose/)
 * (@nuclearmoose)
 * [21 years, 9 months ago](https://wordpress.org/support/topic/security-problem-1/#post-95575)
 * [Here is a listing](http://www.google.com/search?num=100&hl=en&lr=&ie=UTF-8&c2coff=1&q=site%3Awordpress.org+security&btnG=Search)
   of many discussions about security. Security is a concern for everyone, and the
   developers are totally aware of this. Others have raised the very issue that 
   you just did. Check out the threads in the above list to see the various responses
   to security questions.

Viewing 1 replies (of 1 total)

The topic ‘security problem’ is closed to new replies.

 * In: [Requests and Feedback](https://wordpress.org/support/forum/requests-and-feedback/)
 * 1 reply
 * 2 participants
 * Last reply from: [NuclearMoose](https://wordpress.org/support/users/nuclearmoose/)
 * Last activity: [21 years, 9 months ago](https://wordpress.org/support/topic/security-problem-1/#post-95575)
 * Status: not resolved

## Topics

### Topics with no replies

### Non-support topics

### Resolved topics

### Unresolved topics

### All topics