Why still have these files
Started by steptoe675, Feb 07 2010 03:41 PM
4 replies to this topic
#1
Posted 07 February 2010 - 03:41 PM
Hi all, I have just started using osCommerce again and downloaded the latest version.
Then I looked at securing my site, and to my amazement certain files are still being included in the latest versions,
for example
FILEMANAGER:
It has long been known the filemanager is a security risk & should, nay MUST be removed. If used for editing your site it is likely to damage your files, so it is a bad utility to keep anyway, see here. It's also been known it's a possible hacking route & to make matters worse there now exists a very nasty hack that uses filemanager to gain access to your site (dbase included!!)
Why are this file and many other similar files which have been found to be major security risks still being included in the latest versions that are able to be downloaded? Also, why have none of the excellent addons been incorporated into the base code to make it easier for people to secure their sites with minimal effort?
#2
Posted 07 February 2010 - 03:58 PM
steptoe675, on 07 February 2010 - 03:41 PM, said:
Hi all, I have just started using osCommerce again and downloaded the latest version.
Then I looked at securing my site, and to my amazement certain files are still being included in the latest versions,
for example
FILEMANAGER:
It has long been known the filemanager is a security risk & should, nay MUST be removed. If used for editing your site it is likely to damage your files, so it is a bad utility to keep anyway, see here. It's also been known it's a possible hacking route & to make matters worse there now exists a very nasty hack that uses filemanager to gain access to your site (dbase included!!)
Why are this file and many other similar files which have been found to be major security risks still being included in the latest versions that are able to be downloaded? Also, why have none of the excellent addons been incorporated into the base code to make it easier for people to secure their sites with minimal effort?
I would imagine that these latest security bugs detected will have been corrected.
If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.
"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."
- Me -
"Headers already sent" - The definitive help
"Cannot redeclare ..." - How to find/fix it
SSL Implementation Help
Like this post? "Like" it again over there >
#3
Posted 07 February 2010 - 04:11 PM
Hi Germ
Sorry, but I was referring to version 3.0a5, I probably should have said. I know it is still not in full production yet, but it would be nice to have some of these issues resolved before the final release, as there is no mention of security issues being dealt with on the roadmap.
#4
Posted 07 February 2010 - 04:16 PM
steptoe675, on 07 February 2010 - 04:11 PM, said:
Hi Germ
Sorry, but I was referring to version 3.0a5, I probably should have said. I know it is still not in full production yet, but it would be nice to have some of these issues resolved before the final release, as there is no mention of security issues being dealt with on the roadmap.
Posts about V3 belong somewhere here instead.
Look at the top of the page.
This part is for osCommerce Online Merchant v2.x support exclusively.
#5
Posted 07 February 2010 - 04:26 PM
Sorry Germ, will repost there.
NOTE: thread moved by moderator
Edited by Jan Zonjee, 07 February 2010 - 05:39 PM.
moved to osC3 thread









