This topic is now archived and is closed to further replies.

steptoe675

Why still have these files

Hi all, I have just started using osCommerce again and downloaded the latest version.

Then I looked at securing my site, and to my amazement certain files are still being included in the latest versions, for example:

FILEMANAGER:

It has long been known the filemanager is a security risk & should, nay MUST be removed. If used for editing your site it is likely to damage your files, so is a bad utility to keep anyway, see here. It's also been known it's a possible hacking route & to make matters worse there now exists a very nasty hack that uses filemanager to gain access to your site ( dbase included!! )

Why are this file and many other similar files, which have been found to be major security risks, still being included in the latest versions that are able to be downloaded? Also, why have none of the excellent addons been incorporated into the base code to make it easier for people to secure their sites with minimal effort?

There is an update to v2 osc in the works.

I would imagine that these latest security bugs detected will have been corrected.


If I suggest you edit any file(s) make a backup first - I'm not perfect and neither are you.

"Given enough impetus a parallelogramatically shaped projectile can egress a circular orifice."

- Me -

"Headers already sent" - The definitive help

"Cannot redeclare ..." - How to find/fix it

SSL Implementation Help


Hi Germ,

Sorry, but I was referring to version 3.0a5, I probably should have said. I know it is still not in full production yet, but it would be nice to have some of these issues resolved before the final release, as there is no mention of security issues being dealt with on the roadmap.

Then you've posted in the wrong part of the forum.

Posts about V3 belong somewhere here instead.

Look at the top of the page.

This part is for osCommerce Online Merchant v2.x support exclusively.

