PEAK XOOPS - Re: Xoops Protector 2.35 
Re: Xoops Protector 2.35
| Target | Downloads |
| Subject | |
| Summary |
Re: Xoops Protector 2.35
msg# 1
- depth:
- 0
dasdan
From: Belgium / Ghent
Posts: 4
From: Belgium / Ghent
Posts: 4
I'm convinced of the added value of the protector module, but i would like to remark a minor security risk in the config.
If someone can get direct access to the database, IE the hosting company ... if if if ...
Protector stores the rescue password unencrypted in the xoops_config table
field: conf_name: passwd_disabling_bip
field: conf_title: _MI_PROTECTOR_PASSWD_BIP
field: conf_value: ***unencrypted password***
storing the pass MD5 encrypted seems more secure in my case
i've just noticed a new version 2.35 of protector, but the risc still exists
I have also noticed some problems , when I use relative urls in real html code enabled comments of the polls modules, I hope to find out why tomorrow.
Xoops Forum
If someone can get direct access to the database, IE the hosting company ... if if if ...
Protector stores the rescue password unencrypted in the xoops_config table
field: conf_name: passwd_disabling_bip
field: conf_title: _MI_PROTECTOR_PASSWD_BIP
field: conf_value: ***unencrypted password***
storing the pass MD5 encrypted seems more secure in my case
i've just noticed a new version 2.35 of protector, but the risc still exists
I have also noticed some problems , when I use relative urls in real html code enabled comments of the polls modules, I hope to find out why tomorrow.
Xoops Forum
Votes:0
Average:0.00
Posts tree
-
Re: Xoops Protector 2.35
(dasdan, 2005/3/5 10:12)
-
Re: Xoops Protector 2.35
(GIJOE, 2005/3/8 19:13)
-
Re: Xoops Protector 2.35
(dasdan, 2005/3/10 2:55)
-
Re: Xoops Protector 2.35
(tklee, 2005/3/11 5:12)
-
Re: Xoops Protector 2.35
(GIJOE, 2005/3/16 17:45)
-
-
-
Login