Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
7 - 1 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
   

Re: a secure xoops website howto ?
by khana on 2005/9/6 10:23:53

Hi,
And I recommend that the protector must be downloaded from not this official site but the GIJOE's. http://www.peak.ne.jp/xoops/
latest version is maybe 2.52
Re: a secure xoops website howto ?
by davidl2 on 2005/9/6 10:10:46

For version - I would recommend 2.0.13.1

CBB is an ongoing development, which has replaced newbb

Smart modules are constantly being updated, so I would recommend SmartFAQ over XoopsFAQ.
Re: a secure xoops website howto ?
by russel1 on 2005/9/6 9:59:37

Thanks all for anwsering. I trust XOOPS and it's developers otherwise I wouln't even be talking about it. But my question is more of WHAT should I use . eg:

xoops core 2.0.13.1 (I guess 2.2.x is too new)
news 1.3 or 1.4 ?
newbb 1.x or cbb?
xgal or xgallery ?
xdonations or ... ?
wfchannel or ...?
xoopsfaq or smartfaq ?
protector

The goal is to get an (as mutch as possible) trouble-less and secure site up. Features are not that important.
If I use news, newbb and faq that are not part of the official 2.0.13.1 what should I do when a new version of XOOPS comes out.


Thanks again
Re: a secure xoops website howto ?
by brash on 2005/9/6 8:23:03

You'll probably find that your webserver (be it apache or IIS) will be of greater risk of getting hacked than Xoops. If you are wanting tight security, there are so many levels you should be concentrating on before your choosen CMS, as it is the last port of call. As you've mentioned there though, I would say the Protector module is a must for anyone security concious, but this alone is by no means a security solution.
Re: a secure xoops website howto ?
by Chappy on 2005/9/6 7:53:04

Been with XOOPS for about two years now. I can tell you that in that time, as far as I am aware, the devs have been very careful to fix any security breaches in a very timely manner. Elsewhere on this site you will find security raised as a concern, as it should be.

There is preventive security that is reflected in the coding. I am NO expert in that. What I do know is the performance I seen when security issues have been reported. There have not been a lot of alerts from the security watchdogs. When there have been, it has been addressed immediately. Here's a quote discussing the xmlrpc vulnerability several versions back from http://www.gulftech.org/?node=research&article_id=00086-06292005:

Quote:
Special thanks to Jan Pederson from XOOPS for acting so quickly on this very high risk issue. Very prompt, very professional!


This is what I have observed since starting with xoops. Moreover, the xmlrpc vulnerability was not limited by any means to xoops.

I cannot speak to drupal or mambo.

I do feel a great deal of confidence that XOOPS will do as much as possible to make itself secure. If you want further evidence of the concern for security in the coding, find some of the not so distant discussions about username vs displayname in 2.2.

Who's Online

595 user(s) are online (560 user(s) are browsing Support Forums)


Members: 0


Guests: 595


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits