| Re: a secure xoops website howto ? |
| by khana on 2005/9/6 10:23:53 Hi, And I recommend that the protector must be downloaded from not this official site but the GIJOE's. http://www.peak.ne.jp/xoops/ latest version is maybe 2.52 |
| Re: a secure xoops website howto ? |
| by davidl2 on 2005/9/6 10:10:46 For version - I would recommend 2.0.13.1 CBB is an ongoing development, which has replaced newbb Smart modules are constantly being updated, so I would recommend SmartFAQ over XoopsFAQ. |
| Re: a secure xoops website howto ? |
| by russel1 on 2005/9/6 9:59:37 Thanks all for anwsering. I trust XOOPS and it's developers otherwise I wouln't even be talking about it. But my question is more of WHAT should I use . eg: xoops core 2.0.13.1 (I guess 2.2.x is too new) news 1.3 or 1.4 ? newbb 1.x or cbb? xgal or xgallery ? xdonations or ... ? wfchannel or ...? xoopsfaq or smartfaq ? protector The goal is to get an (as mutch as possible) trouble-less and secure site up. Features are not that important. If I use news, newbb and faq that are not part of the official 2.0.13.1 what should I do when a new version of XOOPS comes out. Thanks again |
| Re: a secure xoops website howto ? |
| by brash on 2005/9/6 8:23:03 You'll probably find that your webserver (be it apache or IIS) will be of greater risk of getting hacked than Xoops. If you are wanting tight security, there are so many levels you should be concentrating on before your choosen CMS, as it is the last port of call. As you've mentioned there though, I would say the Protector module is a must for anyone security concious, but this alone is by no means a security solution. |
| Re: a secure xoops website howto ? |
| by Chappy on 2005/9/6 7:53:04 Been with XOOPS for about two years now. I can tell you that in that time, as far as I am aware, the devs have been very careful to fix any security breaches in a very timely manner. Elsewhere on this site you will find security raised as a concern, as it should be. There is preventive security that is reflected in the coding. I am NO expert in that. What I do know is the performance I seen when security issues have been reported. There have not been a lot of alerts from the security watchdogs. When there have been, it has been addressed immediately. Here's a quote discussing the xmlrpc vulnerability several versions back from http://www.gulftech.org/?node=research&article_id=00086-06292005: Quote: Special thanks to Jan Pederson from XOOPS for acting so quickly on this very high risk issue. Very prompt, very professional! This is what I have observed since starting with xoops. Moreover, the xmlrpc vulnerability was not limited by any means to xoops. I cannot speak to drupal or mambo. I do feel a great deal of confidence that XOOPS will do as much as possible to make itself secure. If you want further evidence of the concern for security in the coding, find some of the not so distant discussions about username vs displayname in 2.2. |