Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
sak
Worker
Worker


Joined: Jul 06, 2005
Posts: 172

PostPosted: Wed Apr 18, 2007 11:18 am Reply with quote

I've seen some concerns here or there. I tried to do some searches, but couldn't come up with anything definitive. I'm running a pretty important site, and would like to know how safe people think the current version and integration of gallery2 for nuke is.

Anyone have input?

_________________
Only registered users can see links on this board! Get registered or login! Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
hitwalker
Sells PC To Pay For Divorce


Joined:
Posts: 5661

PostPosted: Wed Apr 18, 2007 12:47 pm Reply with quote

mmm, many use it....theres nothing known about any security issues..
 
View user's profile Send private message
technocrat
Life Cycles Becoming CPU Cycles


Joined: Jul 07, 2005
Posts: 511

PostPosted: Wed Apr 18, 2007 12:59 pm Reply with quote

It's been sometime since I have seen a hack for it

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message
fkelly
Former Moderator in Good Standing


Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

PostPosted: Wed Apr 18, 2007 6:04 pm Reply with quote

I can tell you that the Gallery people take security seriously and there are some helpful posts in their Forums and in their Knowledgebase about security. At the same time, the issue is extremely complicated, at least to us mortals who don't fully understand web server setup and permissions, and I would not dare to say there aren't exposures, especially if you don't set things up right and follow their recommendations.

Check out this thread, for instance, and follow the links and read about security and Gallery:

Only registered users can see links on this board! Get registered or login!

You'll be enlightened but also, if you are like me at all, confused and uncertain.
 
View user's profile Send private message Visit poster's website
sak
PostPosted: Fri Apr 20, 2007 12:14 pm Reply with quote

It looks pretty secure Smile As long as the integration is secure as well, I suppose it should be alright.

I just installed it on a fresh copy of RN 2.10. The instructions for the integration say,

Quote:
If you are using a version of PHPNuke older than version 7.5, you must delete the following files from the integration package:
html/modules/gallery2/admin/case.php
html/modules/gallery2/admin/links.php

If you are using a version of PHPNuke equal to or newer than version 7.5, you must delete the following files from the integration package:
html/admin/case/case.gallery2.php
html/admin/links/links.gallery2.php


Since RN is based on 7.6, I deleted the /admin files as directed. Nothing shows up when you install the integration. No new module is visible, and no new admin module control is visible. So, do I attempt to use the /admin files?

Also of concern is that I would like to use a custom name for the module. Instead of "Gallery2" or "gallery2", I would like to use "Gallery" to make it fit in with the other phpnuke modules. The integration instructions say to change a couple lines in the /admin/case file, but since that file doesn't exist for me since I followed the instructions...

Well, when in doubt -- try it and see if it works Razz I'll try using the admin files instead

Edit: That seemed to do the trick. I uploaded the /admin/ files (with the modification for module name) and it works. I left the /modules/Gallery/admin files intact. I'm not sure they need to be deleted, or if it matters at all. The gallery is working at least. Now to tap it...
 
fkelly
PostPosted: Fri Apr 20, 2007 3:30 pm Reply with quote

I believe that the reason for the instructions on the admin files is that Burzi changed the location of admin files starting with 7.6. So Gallery (or the people who integrated it with Nuke) had to have them in two places and you choose based on the version of Nuke you are running. If you got Gallery working that easily I will be asking you for help in the near future Smile ... seriously, when it works it really works and when it goes crazy you go crazy with it.
 
999
Regular
Regular


Joined: Sep 12, 2006
Posts: 58
Location: Dsm, IA

PostPosted: Fri Apr 20, 2007 4:42 pm Reply with quote

It should have shown up with the admin files from the /modules/gallery2/admin. If the name of the modules folder isn't "gallery2" then you have to move the files to whatever you named it. Then go into modules administration and the admin will show up (it doesn't autoload the modules anymore with RN2.10).
 
View user's profile Send private message Visit poster's website MSN Messenger
kevinkap
Involved
Involved


Joined: Apr 22, 2006
Posts: 356

PostPosted: Sun Apr 22, 2007 9:09 pm Reply with quote

you can name the gallery anything you like. I named mine Pics, then when you activate it in the "modules" admin as stated above, you will see the link for it. Make sure you have installed it in the modules directory and have it up and running as a standalone first, then add the embedded files. Next after activating it, you will see the link and you will have to fill out a couple of things. Then you can import your current users.

If you have problems with the settings not sticking, you may need to drop that table from your nuke db and let it be recreated. You may want to use seprate db's for nuke and the gallery. Just a precaution I guess.

_________________
Kevin Kappes 
View user's profile Send private message
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

PostPosted: Mon Apr 23, 2007 6:35 am Reply with quote

I used the preinstaller and everything appears to have went fine. Is there a reason not to use this way over a standard installation? Less secure? I will remove it and install it the standard way if there is..... Confused
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
kevinkap
PostPosted: Mon Apr 23, 2007 12:14 pm Reply with quote

not sure what you mean by standard way. The instruction for embedding it into nuke are pretty clear as to how it has to be set up. Install it into the modules directory and ensure it all works. Then you can upload the files to embed it into the nuke structure. You will omit those two files as when you apply the configuration settings, that will do the same thing as what you would be changing in those two files.
 
FireATST
PostPosted: Mon Apr 23, 2007 7:28 pm Reply with quote

when I installed it, I used the preinstaller method. You upload the preinstall.php to where you want the gallery2 to be installed and then just follow the onscreen instructions.

Curiosity is up now....I will have to go back and check to make sure this is ok for Nuke.... Confused
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©