Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
blith
Client


Joined: Jul 18, 2003
Posts: 977

PostPosted: Tue Dec 06, 2005 10:22 am Reply with quote

to it to make it secure? I thought I read somewhere that a line of code at the beginning will bring it up to speed. Am I hallucinating?
 
View user's profile Send private message Visit poster's website
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Tue Dec 06, 2005 11:02 am Reply with quote

Well, I wouldn't call it hallucinating... Dreaming, may be a better term.

If you want to prevent someone from directly accessing the third party module without going through the /modules.php?name=3rdPartyModule path and to use Nuke's ability to control access to modules by admin, member, etc., then an if statement at the beginning will do the trick.

But, secure means different things. If you want to leverage NukeSentinel to prevent XSS, SQL injection, etc., calls to the database must go through standard Nuke database functions, accessed through the mainfile. This is usually NOT a trivial task.

There are a host of other considerations for porting 3rd party applications, but this highlights some of the issues around security.

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
blith
PostPosted: Tue Dec 06, 2005 11:51 am Reply with quote

ah okay Can you please post the if code?
 
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17077

PostPosted: Tue Dec 06, 2005 12:11 pm Reply with quote

Just copy the IF code from any standard nuke module at your site Smile
 
View user's profile Send private message
blith
PostPosted: Tue Dec 06, 2005 12:54 pm Reply with quote

okee dokee
forest... trees
forest... trees
 
Raven
PostPosted: Tue Dec 06, 2005 3:46 pm Reply with quote

Smack
 
utssace
Worker
Worker


Joined: Feb 18, 2006
Posts: 155
Location: Virginia

PostPosted: Sat Feb 03, 2007 1:48 pm Reply with quote

I just added an Iframe script to a center block on my homepage that allows users to view teamspeak server status via an offsite (TS Viewer) service. I just used the add block in the admin area and pastes the script there.

It allows users, including anonymous users to login to their teamspeak and join a channel.

My question is could this pose a security risk that I may need to address?

I have RN 2.02.02 with NS 2.5.05

Here is the homepage to see what I am talking about.
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©