Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> FCKeditor/WYSIWYG Issues
Author Message
erisds
New Member
New Member


Joined: Sep 07, 2005
Posts: 11

PostPosted: Thu Mar 15, 2007 7:23 am Reply with quote

I'm assuming you guys have vetted and deemed the WYSIWYG editor to be secure now?

Just want to be absolutely sure before I start to use it as I am just recovering from a MAJOR hack whilst using 2.02.02 (although with gallery and vwar etc on the site who knows which bit was the cause).
 
View user's profile Send private message
FireATST
RavenNuke(tm) Development Team


Joined: Jun 12, 2004
Posts: 637
Location: Ohio

PostPosted: Thu Mar 15, 2007 7:27 am Reply with quote

I would guess vwar myself. Have been using gallery 2 for a while with no problems.
 
View user's profile Send private message Visit poster's website MSN Messenger ICQ Number
montego
Site Admin


Joined: Aug 29, 2004
Posts: 9453
Location: Arizona

PostPosted: Thu Mar 15, 2007 7:28 am Reply with quote

erisds, to be quite honest, I would place my money on vwar. There are no known issues with nukeWYSIWYG, so I would not assume blame there. However, vwar is a different story from what I have seen in these forums.

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
erisds
PostPosted: Thu Mar 15, 2007 7:30 am Reply with quote

Not being funny but thats not what my post is asking I am aware of the vulnerabilities in vWar. I only mentioned the hack to make it clear why it was important to me that the WYSIWYG editor is secure.

I have not been using the WYSIWYG editor but would like to enable it... given that it is now deemed secure, from what you have said montego, I take that to be true.. which is good Smile
 
jakec
Site Admin


Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom

PostPosted: Thu Mar 15, 2007 7:30 am Reply with quote

The WYSIWYG editor is not the standard insecure editor that is part of the standard nuke and I'm not aware that there were any issues with the version released with 2.02.02. It is likely that the hack would have been through vwar.

The WYSIWYG editor would not have been included in the package if there were concerns over the security, so I think you are safe to activate it. Cool

I'm sure Kguske will want to comment when he is online, as he worked on the integration into RN.
 
View user's profile Send private message
jakec
PostPosted: Thu Mar 15, 2007 7:32 am Reply with quote

lol, how's that for service?
 
erisds
PostPosted: Thu Mar 15, 2007 7:32 am Reply with quote

pretty d***ed good I'd say!
 
kguske
Site Admin


Joined: Jun 04, 2004
Posts: 6383

PostPosted: Thu Mar 15, 2007 8:38 pm Reply with quote

Not aware of any problems or issues with the editor, though it can be configured to allow problems (i.e. allowing bad HTML in the allowable_html array in config.php or allowing unregistered users to upload by changing the tool bar, etc.).

As for finding out how the 2.02 site was hacked: the logs don't lie. Have a look there to find some answers...

_________________
I google, therefore I exist...
Only registered users can see links on this board! Get registered or login!
 
View user's profile Send private message
erisds
PostPosted: Thu Mar 15, 2007 9:59 pm Reply with quote

I'm not gonna be changing the allowable HTML.

As for the logs, it would be nice wouldn't it? However despite how much trouble the hack caused them, they won't let me see the necessary logs.
 
FireATST
PostPosted: Fri Mar 16, 2007 3:55 am Reply with quote

So, was this a hacker that got several sites on their servers? If so, it may have not had anything to do with your installation. Maybe the host has some security flaws itself, allowing access to the server and any site on it.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> FCKeditor/WYSIWYG Issues

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©