Hello

just a thought befor Making myself Some Tea , Has anyone ever Thought . if Protector can be a Stand alone Script to use in any site regards if xoops or not.. Going make my Tea Now.. Thx

well it uses the xoops core classes & functions aswell as it's own, so unless it's modified to solely use it's own classes & functions which would be a lot of work. then i don't think so.

it is designed for XOOPS cores, and as each script is totally different, it would be difficult to code for all scenarios, especially in the integration part of another script.

Hello
No i dont belive it is that hard to do , if you the Dev , Becuse you know your Code . I myself Know Php but still will be Hard for me to Convert it to Stand alone Script .

Protector Could be Stand alone Program that works in any php site .. Just whtever your site is , you need to include lets say the protector check file to your site main file usualy the index to check aginst attacks .

as matter of fact i had a script dose such thing but i have left it due to too Many False Reports.

would that create lazy coders though if they knew they could get a script that does their sanitizing and security for them?

i mean, if xoops & icms cores and modules were all coded securely to begin with, then xoops protector wouldn't be necessary in the 1st place.

it's good that Gijoe wrote the module because it has certainly helped over the years, but it should not be a replacement for secure coding practices.

I see many comments regarding Protector module and when security exploits get discovered, the usual consensus is that it's ok because you have protector installed, that will prevent this exploit.

But that's giving false hope because people have to rely on the module instead of relying on the core to offer that protection. in other words people are relying on it too much instead of writing secure code in the 1st place.

The protector module should be a secondary defense, not a primary defense, the core and modules should be the primary source of defense.

I totaly agree with you , But you Have to admit that xoops one Of the Most Secured CMS portal On the Net .

and Most of the Bugs, Sql injection , Exploit..etc Were Found On different Modules Devloped by others .

and you know as much as i know that there will Never be A secure Code .. there always Holes left unpatched .

For Now Xoops + Protector Stands One of Most Powerful Portal and Module . when i have PHPNuke every day i used to Check My site always Picture a Message ' You have Been Hacked " this Nightmare Did not go away yet but with Xoops my worry is less . but i know Never say i'm Protected .. there always will be Hole the kids will Passthru.

yeah, and Microsoft don't help matters when they release IE8 and IE8's new security features can open up your site to XSS attacks even if your site is protected from it by secure coding practices.

http://community.impresscms.org/modules/newbb/viewtopic.php?topic_id=3834&forum=12&post_i...

Yah Microsoft Explorer Needs to put to Sleep .. i wish People who devlop Programs Start thinking of Linux so we Can Put whole Micrsot Giant to Sleep . they Make windows and sell it to u then they want u to buy thier All in one Security to protect the Windows they Sold u .. are u Kidding me ?