Ravens PHP Scripts: Forums
 

 

testy1
Involved


Joined: Apr 06, 2008
Posts: 484

Posted: Sun Apr 06, 2008 4:57 am

Hi all,

I'm new to all this, but from what I have been reading it seems a lot of the various nuke flavours seem to be based on nuke 7.6 with chatserv patches.

What I'm wondering is why is 7.6 the preferred nuke to use? Also, I would have thought that using the latest nuke version with patches would be the better alternative, as those versions would have a lot of bug fixes as well.

Could someone explain why 7.6 is better and what the disadvantages would be of running, say, 8.1 with chatserv patches?

Also, what version is Raven's latest nuke based on?

Thanks
Peter
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

Posted: Sun Apr 06, 2008 6:34 am

7.6 is considered to be the most secure of the releases and versions after this introduced a number of security issues.

RN is originally based off of 7.6, but with many, many improvements, fixes etc. The patches come already applied and Sentinel comes pre-installed. RN is considered to be the most secure of the Nuke versions.
 
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

Posted: Sun Apr 06, 2008 6:39 am

Raven nuke is based off of the 7.6 version, but has been reworked significantly to improve it. Searching here will explain why it is not recommended to use any phpnuke version over 7.6 EVEN with patches due to numerous security problems. You can have the patches and NukeSentinel installed in later versions and not be as secure as the 7.6, since the quality of phpnuke (IMO) went down after this version. After 7.6, the releases opened more holes and bugs than they closed.

Take a look around here and I am sure you will find all the information needed to answer your questions directly, but if not, please post and you will find a very helpful, friendly, and knowledgeable bunch of folks that are second to none...... RavensScripts

lol....sorry Jakec....didn't know you had posted..... Wink
 
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

Posted: Sun Apr 06, 2008 8:04 am

Quote:

that using the latest nuke version with patches would be the better alternative as those versions would have a lot of bug fixes as well.


killing me ROTFL

That might have been the case if the author had the community in mind. He would never even take the patches provided by Chatserv and community members and incorporate them into nuke. He would just continue to develop new junk. I guess I should never say never, because there have been isolated incidents where he would take code from the patches, but then subsequently create new ones... And, did he care? Nope.

testy1
Posted: Sun Apr 06, 2008 4:12 pm

OK, thanks for your replies. I did search but couldn't find anything useful. That's also a query of mine, as I've noticed searching can give you somewhat sceptical results, but I assume that is from the phpbb side of things.

But anyway thanks for your replies.
 
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Sun Apr 06, 2008 5:41 pm

One thing that happened, I think after 7.6, was that the Nuke author started integrating a wysiwyg editor into Nuke. For Ravennuke we have a true data processing professional, Kguske (who is also a site admin here) doing that work and the Nuke author is definitely not such. When you give users access to a textarea and the ability to incorporate HTML into pages, you darned well better have security and integrity as top criteria for what you do and we do with Ravennuke.

That's an important example but far from the only one. Thru the several versions of Ravennuke that have been released we have incorporated thousands of fixes to various bugs in the base Nuke code. As far as I know, none of them have been "backported" (as that chick whose name I forget on the tv show 24 would say) into PHPnuke.
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

Posted: Sun Apr 06, 2008 6:25 pm

Thanks for the compliment, fkelly, but even though some basic security was DISABLED in 7.7 to allow for the HTML editor and as you mentioned, we took a more secure approach with nukeWYSIWYG in RavenNuke, the most important difference is the way RN is developed and enhanced - by a team of dedicated professionals. Led by Raven and Montego, this team (of which I am hardly the most prolific contributor), includes developers, testers - working with SVN and a bug tracker to add valuable enhancements, fix known issues, simplify installation, improve compliance - and, of course, security. So many people contribute - people who not only use it, but also support it (something else you won't find on the original site, unfortunately).

Providing support has a funny way of forcing a focus on bugs, security issues, and the like, instead of simply trying to slam in poorly conceived and tested functional enhancements.

_________________
I google, therefore I exist...
fkelly
Posted: Sun Apr 06, 2008 6:38 pm

It sounds like we are on the same page Kguske, maybe even in the same textarea.

Smile

And yeah, your last point is important. The same people who do the development here also are involved with support. How different that is from PHPnuke. There is nothing like holding your own feet to the fire, so to speak.
 
Dawg
RavenNuke(tm) Development Team


Joined: Nov 07, 2003
Posts: 910

Posted: Sun Apr 06, 2008 8:58 pm

If you look in the 2.20 Forum under "All Issues"....You will see it is a very short list and only a few of those really come back to RN being the real issue. I wonder how many times RN has been downloaded here? Thousands I am sure. For the list to be that short....You know these guys are doing something right!!

Dawg
 
testy1
Posted: Sun Apr 06, 2008 11:42 pm

Dawg wrote:
If you look in the 2.20 Forum under "All Issues"....You will see it is a very short list and only a few of those really come back to RN being the real issue. I wonder how many times RN has been downloaded here? Thousands I am sure. For the list to be that short....You know these guys are doing something right!!

Dawg


I was just wondering was all.

I'd heard a fair bit about the chatserv patches and assumed that the patches fixed up all the major vulnerabilities.
 