| Author |
Message |
jimmo
Corporal
Joined: Feb 14, 2004
Posts: 60
Location: Germany
|
 Posted:
Mon Jul 11, 2005 1:49 am |
  |
Hi All!
This article here
http://64bit.us/article-print-83.html
indicates that the security in PHPNuke 7.7 and 7.8 is even worse than before. It says that the *only* thing to do is *not* user either version 7.7 or 7.8. I am curious as to what others have to say.
Regards,
jimmo |
_________________
The Linux Knowledge Base and Tutorial project is looking for volunteers: http://www.linux-tutorial.info |
|
    |
|
gadji
Sergeant
Joined: Oct 14, 2003
Posts: 115
|
| Posted:
Mon Jul 11, 2005 3:18 am |
|
This is a good debating point jimmo.
Some people here will say that if you keep all of your patches/phpBB versions up to date then you shouldn't have any problems.
Others however will say that if you use those versions then you are leaving an open invitation for hackers.
At the end of the day it's really down to what you want to do with your site. If you're careful to keep regular db AND file backups then you shouldn't have any problems at all, in my opinion.
The idea behind the wysiwig editors is a good one, but it just needs a bit more security work done on it before it will be fully secure. |
|
|
|
|
benk
Private
Joined: Jul 16, 2005
Posts: 37
|
| Posted:
Sat Jul 16, 2005 4:15 am |
|
I'm pretty new to phpnuke, I started off installing 7.8 not knowing any better and then I began reading the forums and found out about this issue. So, then I just did a simple test. I tried to submit some news with html...just basic stuff like:
<h1><font color=red>news story</font></h1>
and it went through, it actually processed the html tags...so I'd say there's a risk. I haven't tried any javascript though but still, allowing these types of tags compromises the way you want your site to look.
I'm now in the process of downgrading to 7.6. |
|
|
|
|
ishtar
Sergeant
Joined: Jun 19, 2005
Posts: 96
Location: Suriname
|
| Posted:
Sat Jul 16, 2005 8:14 am |
|
so....what can we do if we have used 7.7 or 7.8 |
|
|
 |
|
scz
Nuke Soldier
Joined: Apr 07, 2004
Posts: 27
|
| Posted:
Sat Jul 16, 2005 8:23 am |
|
|
|
|
ishtar
Sergeant
Joined: Jun 19, 2005
Posts: 96
Location: Suriname
|
| Posted:
Sat Jul 16, 2005 3:13 pm |
|
ok i went to that site i cant really find the info, or im not looking good. i wanna downgrade to 7.6
ok u guys tell me, which version is the best? |
|
|
|
|
benk
Private
Joined: Jul 16, 2005
Posts: 37
|
| Posted:
Sat Jul 16, 2005 3:28 pm |
|
|
|
|
triptoy5
Nuke Cadet
Joined: Jul 19, 2005
Posts: 1
|
| Posted:
Tue Jul 19, 2005 7:41 pm |
|
downgrading to 7.6 is all fine and dandy, but I cant seem to find out how to downgrade to anything lower. I have some special needs/interest to downgrade the database to about 7.0 or a little lower. If anyone can provide any links/resources/help/advice on this subject it would be very appreciated.
If for some reason, your not a registerd user of nukecops and dont feel like registering to answer this question  , feel free to email me at chaos@triptoy.net or IM me on AIM: DJTripToy
Much appreciated : )) |
|
|
|
|
CripTiK
Nuke Soldier
Joined: Jul 19, 2005
Posts: 24
|
| Posted:
Mon Jul 25, 2005 3:12 pm |
|
Ok, I downgraded my site to 7.6 from 7.7 and I am assuming I would still need to run the 7.6 patch? |
|
|
|
|
|
|
