Subject:*
<
Name/Email:*
<
Message Icon:*
<
Select*
<
Message:*
<



Click the Preview to see the content in action.
Options:*
<
Confirmation Code*
<
9 - 7 = ?  
Input the result from the expression
Maximum attempts you can try: 10
*
<
   

Re: xoops_lib & xoops_data
by Dante7237 on 2012/4/23 18:19:57

If a 5 dollar hosting account is a prohibitive factor, then they have far bigger troubles..

There are many other hosting solutions that offer the needed tools cheap.
Re: xoops_lib & xoops_data
by Peekay on 2012/4/23 14:34:18

Quote:

Dante7237 wrote:
Move the folders out of root. Like Flipse said there's no reason not to.


There is a reason. Many of the low-price, shared-hosting services used by charities and community groups don't allow it.

GoDaddy for example.

These organisations can't always afford to 'get a better hosting package'.
Re: xoops_lib & xoops_data
by Dante7237 on 2012/4/23 14:11:21

Move the folders out of root. Like Flipse said there's no reason not to.
More troubling than the presentation of info re: the "Trust Path" is the lack of insistence that people adjust the php.ini files correctly.

Doesn't matter where you locate the trust path if folks are able to traverse directories due to a php.ini oversight.

There's also a great example of an .htaccess file here somewhere that should come stock with the cms package.

Its always that 1 thing you overlook, or deem not required that will be the thing that gets exploited..

And yes, XOOPS is the most secure cms I've found. That doesn't mean anyone should get lazy about doing all the right things..
Re: xoops_lib & xoops_data
by Anonymous on 2012/4/23 13:52:45

Quote:
DCrussader wrote:

This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder....


A cms is save until a new flaw is detected... So why compromise security by not taking all safety measures you can use?

Quote:
Peekay wrote: I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it.


But what if not warning users would lead to many compromised xoops sites? I guess this would be more harmfull for xoops then a few users not using it by lack of knowledge.

I agree with you both this warnings could use some extra explanation in the install script or on the main admin page. And be clear about what are the risks when ignoring them.
Re: xoops_lib & xoops_data
by Peekay on 2012/4/23 12:45:59

Quote:

DCrussader wrote:

This is NOT required, XOOPS is the most secure CMS core this days. XOOPS_LIB/_DATA ca can remain in the root folder....


+1

I have whinged about the wording of these 'warnings' before. They make Xoops look insecure and will have caused many new users to abandon Xoops before they even try it. There are many shared hosting providers who simply do not allow folders outside the site root.

Who's Online

169 user(s) are online (141 user(s) are browsing Support Forums)


Members: 0


Guests: 169


more...

Donat-O-Meter

Stats
Goal: $15.00
Due Date: Jul 31
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $15.00
Make donations with PayPal!

Latest GitHub Commits