Support Forums - All Posts - XOOPS Web Application System

11

Re: Xoops On Crack?

2005/1/5 10:24
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

hi Mithrandir.
Quote:

GIJOE has already told me that he would be happy to see Protector code integrated in the XOOPS core, but I had hoped he would play a more active role in this implementation and as official security officer - I hope GIJOE is considering this (he would get back to me shortly) and will keep you informed, when I get something more to say.

Don't misunderstand it, please.

The action of Protector is like a plaster.

If there is no injury, plaster is no use.

You -core develpper- should make the core without injury instead of making plasters.

Anyway, eliminate foreach($_POST...) or extract($_POST) from the codes of core.
This is the 1st step.

12

Re: Xoops On Crack?

2005/1/5 10:18
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

I respect Yuji/FutureSpy.
He made efforts creating the language files for Protector.
I think people who speak Spanish should thank to him.

Anyway, his read/write Japanese very well.
Perhaps, it is the best way to be translated by him for Brazillians.

13

Re: Xoops On Crack?

2005/1/5 10:06
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Quote:

why you dont open a project at dev.xoops.org for your protector module? IMHO its the best place for everyone want to develope a module and all people can support it with send bugs and features.

The reason why I don't use dev.xoops.org at all is the security reason.
JM2 has reported xoopsforge is quite insecure.
nobunobu also says it is quite danger.
(Although I've never checked yet, the two person's skill is trusted enough.)

What can I do if the site is cracked and the archive of Protector is replaced maliciouly?

And I don't know the skill of the server's adminstrator.
Since PEAK XOOPS is administrated by me, I can believe the skill a little at least

Moreover, I don't like the interfaces of newbb2.
It works quite buggy with IE5.

And newbb2 is also insecure with XSS.
(Of course, I'll never demonstrates XSS in this site.)

newbb2 kept me away from www.xoops.org or dev.xoops.org ...
(Although I respest Predator...)

-----
(edit)
I've just learnt newbb2 looks not so buggy with Opera.
But it is too many javascripts in fact.

14

Re: Xoops On Crack?

2005/1/5 9:45
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

hi hervet.

The best documentation in I've ever seen is the one minahito wrotes.
But it just a Japanese.

I can't describe the documentation for scurity well in English.

Anyway, you should know this:


foreach( $_POST as $k => $v ) { ${$k} = $v ; }


extract( $_POST ) ;

Both are MUST avoidable coding.

15

Re: Xoops On Crack?

2005/1/5 9:37
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Quote:

1- why you dont write good documentation for your works?
personally i use your modules and hacks ( protector , autologin , xhld ) but there is no documentation in your site or i cant find it.for regular modules the documentation is not very need and important but for a module like 'protector' we MUST have a very compelete detailes documentation to use. if we cant understand it how we can recommended it?

You are right.
Thus I made MEMO inside the archive.
I believe that it is a good documentation to understand the action of Protector.
But it is written in Japanese.

Quote:

2- why you dont write any news about your works in xoops.org site?
report to community is very important. e.g. you release protector 2.2 in http://www.peak.ne.jp but a person like me how know about it? i dont know what you think about it but i can tell you "many people dont know about you and your works"

That's because this site is too heavy to use.
It makes me a stress even writing this article.

Quote:

instead of just coding and coding and coding .... just spend some times with us .the community waiting for you

It's just a misunderstanding.

I can't communicate well just in English.
You can see my uname in the top of http://www.xoopscube.jp/

16

Re: Xoops On Crack?

2005/1/5 9:20
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

First of all, I apologize to you about doing an unethic way.
It's just a crack instead of sophisticated demonstrations.

I'll never justify the action I did in 1st Jan.

Secondly, I don't want to role officer of QA and/or Security.

reasons:

1. I'm busy on my job and family.

2. I don't have enough skill to role it.
The real hero is JM2. I'm just a baby if compared with him.

3. I'm a module developper and want to continue developping them.
If I report the vulnerablities in a module which competes my module, how do you think?

17

Re: Xoops On Crack?

2004/12/31 21:57
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

hi All.

At first, I've worked for Xoops, the Core Team, and the community as a whole.
The crystal of the effort is my Protector.

Quote:

Your point would have been better taken if you would have setup a demo site and invited the Core Team to a demonstration to be immediately followed by a detailed bug report. Instead, you have chosen to make yourself look like just another script kiddie.

OK. I'm sorry that I did bad manners.

But, you should know that we've reported again and again from 2004's summer to Herko as a member of core team.

Herko ignored us.

That's the reason why I made Protector for benefits of all XOOPSers.

Inspite of this fact, Herko slandered Protector is just an AntiDoS module.
Moreover, he repeasts blindly "XOOPS is quite secure as is".

I can't permit Herko's attitude at all.

Although I'll never write how to crack anywhere, well-skilled programmer can find the way.

Thus, I shall say again and again.
Install Protector if you want to be cracked.

18

Re: [myAlbum-p and piCal] layout problems not caused by theme

2004/12/31 21:25
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

It looks just an issue of CSS.

check the margin or padding of your style.css in your theme.

19

Re: Protector installation

2004/12/31 19:51
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Herko.

I shall say "calm down" especially to you.
Why is there too many '?'

ORETEKI XOOPS is not by me.
It's Marijuana's work.

And I do nothing with the work.
That's because it's just a Japanese version.
I'm not interested with non-international projects.

But the codes are very good and secure.
It's a fact.

And JM2 have told you with the vulnerablity in 2004's summer.
If the information is not shared, the reason is your disregarding.

We've alerted to you that it's too danger codes like:


foreach( $_POST as $k => $v ) {

    ${$k} = $v ;

}

or


extract( $_POST ) ;

20

Re: Protector installation

2004/12/31 10:11
GIJOE
Quite a regular
Posts: 265
Since: 2003/8/13

Herko.

I've answered to your strange question.
Why do you say nothing?

Stats
Goal:	$100.00
Due Date:	May 31
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Xoops On Crack?

Re: Xoops On Crack?

Re: Xoops On Crack?

Re: Xoops On Crack?

Re: Xoops On Crack?

Re: Xoops On Crack?

Re: Xoops On Crack?

Re: [myAlbum-p and piCal] layout problems not caused by theme

Re: Protector installation

Re: Protector installation

Login

Search

Recent Posts

Re: Big problem with SQL

Re: Big problem with SQL

Re: Big problem with SQL

Re: newbb 5.0 error

newbb 5.0 error

Big problem with SQL

Re: XOOPS Countdown 2.1.0 Beta 1

Re: Unable to fork XOOPS/XoopsCore25 on GitHub

Unable to fork XOOPS/XoopsCore25 on GitHub

Re: XOOPS Countdown 2.1.0 Beta 1

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}