Thread: [oss4lib-discuss] PHPNuke
From: <ed-...@in...> - 2003-04-08 17:48:41
Was it here that someone recently asked about PHPNuke? If it was, take a look at last week's securityfocus newsletter [1] and search for PHPNuke in the page.

I guess you can look at this in one of two ways (or perhaps both):

- it's terrible that vulnerabilities like this exist in PHPNuke
- it's great that PHPNuke is being thoroughly tested and made better

Whichever way you look at it, it's always sobering to see these newsletters...

[1] http://www.securityfocus.com/archive/78/316876/2003-03-29/2003-04-04/0

//Ed
From: Daniel C. <dc...@um...> - 2003-04-08 18:31:11
On Tue, 8 Apr 2003 ed-...@in... wrote:

> I guess you can look at this in one of two ways (or perhaps both):

I choose both!

This is a good reminder that most of us have probably made a lot of now-common and well-understood security mistakes in building our own web applications. If you ever spend time developing or implementing webapps, do yourself a favor and spend some time reading the materials provided by the good people at the OWASP project:

http://www.owasp.org/

...in particular the top ten list and Guide are good starting points if you're new to this stuff and a good refresher to the rest of us that We Should Know Better By Now.

fyi, -dc
From: Raymond W. <ra...@ma...> - 2003-04-08 19:58:44
On Tue, Apr 08, 2003 at 02:30:57PM -0400, Daniel Chudnov imagined:
> On Tue, 8 Apr 2003 ed-...@in... wrote:
> > I guess you can look at this in one of two ways (or perhaps
> > both):
> I choose both!
>
> This is a good reminder that most of us have probably made a
> lot of now-common and well-understood security mistakes in
> building our own web applications. If you ever spend time
> developing or implementing webapps, do yourself a favor and
> spend some time reading the materials provided by the good
> people at the OWASP project:
>
> http://www.owasp.org/
>
> ...in particular the top ten list and Guide are good starting
> points if you're new to this stuff and a good refresher to the
> rest of us that We Should Know Better By Now.
>
>
> fyi, -dc

I would not go with PHP-Nuke personally. PHP-Nuke forked to a project called 'Postnuke' which I think is much better software (or at least that is my general impression without having examined the source-code :)

I hear that Postnuke itself has forked to another additional project too -- oh well.

Cheers,
Raymond

--
"What difference does it make to the dead, the orphans, and the homeless, whether the mad destruction is brought under the name of totalitarianism or the holy name of liberty and democracy?" (Gandhi)