hi evil Doctor!
Quote:
Are the core patches that make 'Oreteki' secure shared with xoops.org?
onokazu should know the vulnerablities, since he subjects zx mailing list.
Quote:
I just want to know if Xoops.org is moving to fix known problems with core files.
I don't know, sorry.
Time disallows me to check the latest CVS of core.
Hi GiJoe,
Are the core patches that make 'Oreteki' secure shared with xoops.org? I just want to know if Xoops.org is moving to fix known problems with core files. Thanks!
ps. I really enjoy your modules! Thanks for the great products!!!!!
Thanks GIJOE. It really clarifies things for me.
hi tl.
As the author -Marichan- is a member of zx, he also knows the latest list of security holes of XOOPS core.
So, Oreteki is secure enough.
"Ticket system" is just a side of Oreteki's domination.
Although ticket protects it from CSRF, another vulnerablities should be patched by another methods.
Anyway, Protector and Oreteki are independent concept each other.
- Oreteki is a secure core.
- Protector is a global protection system for vulnerable core and modules.
Protector is also useful for Oreteki, if you need some protection against DoS.
Appendix:
Turn "the patch for XOOPS <= 2.0.9.2" off with Oreteki.