OK, since this has been asked, I'm going to explain this in a lot more detail.
The simple version: having any kind of ability where the admin uploads something for the forum itself, e.g. themes, plugins, smiley images, badges/rank images... this is a security risk. So too is media and attachments and avatars, but specific things can be done to mitigate those.
But anything that requires touching any of the core files is a serious security risk. Why? Because it requires opening up the core folders and files to higher permissions than they should have. This means making things writable by ANY USER on a shared host. Can we say 'hackable'? YES WE CAN!
The obvious answer is 'put permissions back again afterwards' but the thing is, people don't. They leave permissions set open for their own convenience later on, which is how come so many SMF installations get hacked at some time or another.[1]
Now, I have proposed a solution for this elsewhere but it's not a brilliant one. Specifically, it would require you (as the admin) to put in your FTP password periodically to upload things like plugins. Certain magic can be worked so that FTP (or SFTP) can be used to perform this kind of work, without making a security hole.
Before anyone asks, what are the chances of me giving you an admin upload facility that doesn't use FTP/SFTP and works solely by you changing permissions yourself? ZERO. There is ABSOLUTELY NO WAY IN HELL I will give you that ability. The idea is that you shouldn't be screwing around with it, and especially not screwing around with setting core files/folders to 777. And if you do, that's YOUR responsibility. My responsibility is in making a decision whether I give you a gun to shoot yourself with, or giving you an air rifle that probably won't kill you; you can guess where I'm going with this.
[1] Though I stress, it really isn't only SMF, it's just that's what I know for certain.
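A check for the situation the post describes, permissions opened up and never put back, added here as an example and not taken from the post or from any forum software. The directory and file names in the sample tree (`core`, `themes`, `attachments`, `load.php`) are constructed for illustration, and the functions only look at the other-write bit, i.e. "writable by any user".

```shell
#!/bin/sh
# Added example: find and close paths in a forum install that any local
# user on a shared host can write to.

# Print every file or directory under $1 that has the other-write bit set.
# Symlinks are skipped because their own mode bits are not what is enforced.
list_world_writable() {
    find "$1" ! -type l -perm -0002 -print
}

# Number of world-writable paths under $1 (0 means nothing was left open).
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# "Put permissions back again afterwards": drop other-write on whatever
# the audit flags, leaving owner and group bits untouched.
tighten_world_writable() {
    find "$1" ! -type l -perm -0002 -exec chmod o-w {} +
}

# Build a constructed sample tree and print its path. The core folder and
# one core file are left open (777 / 666), as after a manual install.
make_sample_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/core" "$root/themes/default" "$root/attachments"
    : > "$root/index.php"
    : > "$root/core/load.php"
    : > "$root/themes/default/index.template.php"
    # Set every mode explicitly so the result does not depend on umask.
    chmod 755 "$root" "$root/themes" "$root/themes/default" "$root/attachments"
    chmod 644 "$root/index.php" "$root/themes/default/index.template.php"
    chmod 777 "$root/core"
    chmod 666 "$root/core/load.php"
    printf '%s\n' "$root"
}
```

Running `list_world_writable` from a scheduled job against the live install and alerting on any output catches the case where someone opened a core folder for an upload and forgot about it.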