Posted: Apr 1 2014, 05:50 AM
Okay, so currently running up against a minor setback with a project I'm involved with at work and was wondering if anyone here could illuminate why?
Basically, I manage the online presence for several companies, one of which is a new acquisition and already has a significant user base. As such, I've been left in the less-than-ideal scenario of having a website that I'm in charge of maintaining, hosted by another company. By and large, that company is far more competent than our in-house team and generally I'm happy with staying with them (not that I have a choice) but their director has denied my request to be able to use the WordPress Template Editor.
To be clear, the website uses WordPress as its CMS and I'm allowed admin access in order to update most other parts. However, the brand is going in a new direction and we really need flexibility on the front page right now, which the current theme is not great with. Anyway, point is it would make everyone's lives easier if I could, but they're worried about security risks of doing so.
Now, I'm aware that people could inject malicious content onto the site from the Template Editor, but as far as I can see the root admin account has that access (it isn't blocked across the board) so allowing me the same access doesn't significantly increase the risk of a blunt-force login hack.
I'm also aware that, certainly in the past, it has been possible to inadvertently break files from incorrect PHP statements that would require the website dev team to fix my mess using FTP (which I won't get, ever, and that's fine) and I can understand trepidation of allowing an unknown third party access.
My question, or tl;dr, is: could I directly compromise their server and other hosted sites by using malicious database queries (or something) from the Template Editor AND could I not as easily infect their network by using the HTML editors on Post edit pages or even injection with an image? Or does the Template Editor pose a significant risk to them and should I concede that they know better?
Cheers for any help!