id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc
1325	"Change ""black list"" to ""white list"" in the default connector configurations"	Frederico Caldeira Knabben	Wiktor Walc	"Currently, we are using the ""DeniedExtensions"" setting for all connectors to define the list of denied extensions in all File Browser connectors.

It is a fact that it is quite hard to maintain this ""black list"", making it easy to miss something that could result in security issues. It would be much more sane to maintain a ""white list"", using the ""AllowedExtensions"" setting instead.

I'm sure many people will start complaining that this and that extensions will be missing, but this is configurable anyway, and would certainly make our security attempts more efficient.

I ask here for '''suggestions for the list''' of extensions we should be included in this ""white list""."	Task	closed	Normal	FCKeditor 2.5 Beta	File Browser		fixed