Ravens PHP Scripts: Forums
 

 

View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
sharlein
Member Emeritus


Joined: Nov 19, 2002
Posts: 322
Location: On the Road

PostPosted: Thu Oct 16, 2003 7:05 am Reply with quote

Yesterday i saw a package on Nuke Cops that contained all of the recent fixes. It contain 35 files that were fixed. I have only been aware of the two i was working on, i.e., admin and auth php. Should I upload all of those files? Thank you from my little world of confusion Very Happy Steve

P.S. I hope you enjoyed ur way 2 short time off.

_________________
Give Me Ambiguity Or Give Me Something Else! 
View user's profile Send private message
Raven
Site Admin/Owner


Joined: Aug 27, 2002
Posts: 17086

PostPosted: Thu Oct 16, 2003 7:10 am Reply with quote

If you read the news thread on the front page of NC, the fix package is creating many problems. I would stay away from it until it settles. Many of the changes in those packages are precautionary as opposed to the absolute ones that have been made public. Mileage may vary and precaution these days may be worthwhile, but wait untile they get the bugs worked out. Just my opinion!


Last edited by Raven on Thu Oct 16, 2003 7:20 am; edited 1 time in total 
View user's profile Send private message
sharlein
PostPosted: Thu Oct 16, 2003 7:18 am Reply with quote

Thank you, Raven. You know I value your opinion Very Happy I will hold off, and I will go read that thread. Keep up the good work. Speaking of good work, I may needing another account on your Web Hosting. I will submit through the Web Hosting when I'm sure of what i need. Steve
 
Frogger
Worker
Worker


Joined: Oct 06, 2003
Posts: 108

PostPosted: Wed Nov 05, 2003 11:02 pm Reply with quote

During the time we wait for NC to update these fixes, what concerns should we have on these "possible" sql injection vunerabilities"?

_________________
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Send e-mail Visit poster's website Yahoo Messenger ICQ Number
Raven
PostPosted: Wed Nov 05, 2003 11:10 pm Reply with quote

If you've installed the ones from my site, thus far, you are pretty safe, assuming you have kept up with the prior ones too. I haven't heard of any exploits after the last ones posted here. The other things that NC is adding is somewhat overkill, but, maybe better safe than sorry. They may also have some inside information that I do not. I am rather perplexed that they put those out buggy and didn't say anything to the contrary until the negative feedback started. Then they got somewhat defensive. Kind of reminds me of FB. Then to go this long w/o fixing them is really strange too.


Last edited by Raven on Thu Nov 06, 2003 6:34 am; edited 1 time in total 
Anubis_The_Jackal
Court Jester


Joined: Sep 20, 2003
Posts: 106

PostPosted: Thu Nov 06, 2003 2:49 am Reply with quote

perhaps the worlds coming to an end. Or the marriage thing is taking up a load of time?
 
View user's profile Send private message Send e-mail
Frogger
PostPosted: Thu Nov 06, 2003 9:18 pm Reply with quote

It's all about priorities, I guess. Wink

I have two sites that are your 6.9 and two test sites that are 7.0 with no security fixes in placed with exception to the Downloads and Weblinks modules.

I have copies of security patches where most have file dates of 10-15 or earlier for both 6.9 and 7.0.

Is it critical or important that these fixes be applied?

I ask only 'cause I'm tired of blindly following advise when the details are left to assumption. Confused

Must be right about the marriage.... Wink
 
Raven
PostPosted: Thu Nov 06, 2003 9:26 pm Reply with quote

Depending on when you installed the 6.9 from here, they may already be applied. If they are, I will have noted it in the raven change log. You should make sure that you have all the fixes in place that I have offered on my site. You and I tested your site the other day and fixed the leaks that it had. You should be ok. If you have more fixes that aren't applied, let me know which ones and we can check them out.
 
Frogger
PostPosted: Thu Nov 06, 2003 10:09 pm Reply with quote

I figured you would have mentioned other fixes if they were necessary, but if you'd like I'll check them out and see if there are any changes so you can check 'em out.
 
Anubis_The_Jackal
PostPosted: Fri Nov 07, 2003 3:29 am Reply with quote

would you help me check my site for problems after i upgrade it? its at nuke 6.9 but im stil getting the Coppermine 1.2 to work. seems to be rather buggy for an RC 2 you know?
 
Raven
PostPosted: Fri Nov 07, 2003 4:58 am Reply with quote

What I mean to frogger was that he checks his own code to see if the patches are installed. If he finds patches that are NOT installed, then let me know which ones and I will check to see if it is a nice-to-have or really a must.
 
Frogger
PostPosted: Fri Nov 07, 2003 6:53 am Reply with quote

If I were you, I'd hold off upgrading to 1.2.0 as it brought an entire test site of mine to it's knees.

Bug is an understatement when it comes to the new release candidate.

If you use it on a production site, I hope you have a complete backup of everything......you're gonna need it.

With this being a new release from authors who took over the project....well. ..... credit must be given to them, but W A I T for a more stable release.
 
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke

View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©