Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9449
Location: Arizona

PostPosted: Mon Oct 04, 2004 10:53 pm Reply with quote

Again, sorry the newbie question. I am just overwhelmed with the number of add-ons, hacks, etc. for phpNuke! It is taking alot of time to find just the right block or module or ____ to fit my needs. As I do this, I grow increasingly concerned that as I add these things that I am opening up my site for malaise.

For the newbies out here, can someone help us understand what it is we should be looking for with regards to potential security holes? For example, in the Site Info block I noticed references to PHP_SELF as apposed to SCRIPT_NAME. How do I know when it is a potential vulnerability that I need to patch myself or it is ok? What about the SQL infusion attacks; I am very concerned about these in tools like Gallery and Event Calendar, etc.

What should we be concerned with?

Any pointing in the right direction is greatly appreciated.

montego
 
View user's profile Send private message Visit poster's website
chatserv
Member Emeritus


Joined: May 02, 2003
Posts: 1389
Location: Puerto Rico

PostPosted: Tue Oct 05, 2004 10:22 pm Reply with quote

Problem with this is that if one is a newbie one won't have enough know how to be able to track down coding errors and unsafe code so the best option for a newbie regarding Nuke is to make sure their site is up-to-date on security patches and also to use security scripts like NukeSentinel which will help big time when it comes to catching attacks that may come from unsafe coding.
 
View user's profile Send private message Visit poster's website
montego
PostPosted: Wed Oct 06, 2004 6:14 am Reply with quote

Chatserv,

I may be a newbie to Nuke, but not to coding. If I have a few high level principles regarding things that you look for, for example, it would help me tremendously.

Are you able to share some of your know-how as to when you reviewing code, what are you looking for? As an example, do you look for form fields on the screen where data entry is possible (that will eventually come back out of the database into HTML again eventually) and check if they are stripping out unsafe HTML tags?

Also, if by having Nuke Sentinel installed, do I assume that it automatically protects ALL of the add-on blocks and modules that I install? Does it parse through EVERY server request from the browser?

TIA,
montego
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©