I am writing my own customized profile mod that I plan on sharing with the PHPBB community once completed. Looking at sites like MySpace, Facebook, etc., I have to ask myself... how do they do it?
I am scared to allow users to embed their own HTML code. Reason being that I know that there are many things that can go wrong with that. I know that it is simple to do... just provide a form that collects the data and stores it for later use... but that's what scares me...
How do I prevent someone from writing a script that would allow them to browse my files, for example? Worse yet, since PHPBB is open source, couldn't they create a script that could give them direct access to the database?
I am sure you can see all the possible scenarios I am facing... Any ideas? Should I just put my foot down and just say no?
Please help me!