51
Kiwi_Chris
Re: new version yogurt module
  • 2009/4/24 3:05

  • Kiwi_Chris

  • Just popping in

  • Posts: 79

  • Since: 2009/1/3 2


Seriously need an update to this module.



52
Kiwi_Chris
Re: Security Question [Cross-site scripting (XSS)]
  • 2009/4/3 15:24



OK, patched mainfile, with success.


'XOOPS_TRUST_PATH' :
Check php files inside TRUST_PATH are private (it must be 404,403 or 500 error
If you can look an image -NG- or the link returns normal page, your XOOPS_TRUST_PATH is not placed properly. The best place for XOOPS_TRUST_PATH is outside of DocumentRoot. If you cannot do that, you have to put .htaccess (DENY FROM ALL) just under XOOPS_TRUST_PATH as the second best way.

When using the inbuilt link I get 404, which is good.

'register_globals' : off ok

'allow_url_fopen' : off ok

'session.use_trans_sid' : off ok

'XOOPS_DB_PREFIX' : XOOPS Not secure
This setting invites 'SQL Injections'.
Don't forget turning 'Force sanitizing *' on in this module's preferences.
Go to prefix manager

'mainfile.php' : patched ok


From my viewpoint that's all but the database sorted,
and I don't understand enough about what it is saying to play with the database.

What happens when I change the database prefix, does it change the existing ones for me?

Are they updated manually through php admin?






53
Kiwi_Chris
Re: Security Question [Cross-site scripting (XSS)]
  • 2009/4/3 14:58



Hi, and thank you for taking all this time to support me, it is much appreciated.

I meant to say I have moved lib and data out of public_html and into my home directory below www / public access.

I will follow your other instructions, and report back if I have any issues.

I am still not confident in playing with database prefixes, but the rest should be fine.



54
Kiwi_Chris
Re: Security Question [Cross-site scripting (XSS)]
  • 2009/4/3 11:45



Thank you for this link. I have read it and I think most of that is already done on my site.

I moved data and lib to the home directory as opposed to the temp folder, and mainfile is 444.

This is what the XOOPS system overview says:



* XOOPS Version: XOOPS 2.3.3
* PHP Version: 5.2.9
* MySQL Version: 5.0.67-community
* Server API Version: cgi-fcgi
* OS Version: Linux
* safe_mode: Off
* register_globals: Off
* magic_quotes_gpc: On
* allow_url_fopen: Off
* fsockopen: On
* allow_call_time_pass_reference: On
* post_max_size: 130M
* max_input_time: 60
* output_buffering:
* max_execution_time: 60
* memory_limit: 64M
* file_uploads: On
* upload_max_filesize: 130M

Does this mean I am now protected against Cross-site scripting (XSS)?


In Protector it says

'XOOPS_TRUST_PATH' :
Check php files inside TRUST_PATH are private (it must be 404,403 or 500 error
If you can look an image -NG- or the link returns normal page, your XOOPS_TRUST_PATH is not placed properly. The best place for XOOPS_TRUST_PATH is outside of DocumentRoot. If you cannot do that, you have to put .htaccess (DENY FROM ALL) just under XOOPS_TRUST_PATH as the second best way.

'register_globals' : off ok

'allow_url_fopen' : off ok

'session.use_trans_sid' : off ok

'XOOPS_DB_PREFIX' : XOOPS Not secure
This setting invites 'SQL Injections'.
Don't forget turning 'Force sanitizing *' on in this module's preferences.
Go to prefix manager

'mainfile.php' : missing precheck Not secure
You should edit your mainfile.php like written in README.

---------------------------

Obviously I am a noob with this,

I am afraid to change the XOOPS database prefix as the site is already running.
I can't find XOOPS trust path.
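
The check Protector describes in the post above (a PHP file under XOOPS_TRUST_PATH must answer 404, 403 or 500, never a normal page) can be reproduced locally. This is an added example, not part of the original posts or of the Protector module; the directory name `xoops_trust_path`, the file `check.php` and the `public_html` layout are constructed for the demonstration.

```python
import functools
import http.client
import http.server
import os
import tempfile
import threading
from urllib.parse import urlsplit

PRIVATE_STATUSES = {403, 404, 500}  # the responses the Protector text accepts

def probe_status(url, timeout=5):
    """GET url and return the raw status code (redirects are not followed)."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.hostname, parts.port, timeout=timeout)
    try:
        conn.request("GET", parts.path or "/")
        return conn.getresponse().status
    finally:
        conn.close()

def is_private(url):
    """True only if the file is refused with 403, 404 or 500."""
    return probe_status(url) in PRIVATE_STATUSES

class QuietHandler(http.server.SimpleHTTPRequestHandler):
    def log_message(self, *args):  # keep the demo output clean
        pass

def probe_layout(trust_inside_docroot):
    """Serve a constructed DocumentRoot and probe a PHP file in the trust path."""
    with tempfile.TemporaryDirectory() as home:
        docroot = os.path.join(home, "public_html")
        parent = docroot if trust_inside_docroot else home
        trust = os.path.join(parent, "xoops_trust_path")  # hypothetical directory name
        os.makedirs(docroot)
        os.makedirs(trust)
        with open(os.path.join(trust, "check.php"), "w") as fh:
            fh.write("<?php // constructed sample file ?>")
        handler = functools.partial(QuietHandler, directory=docroot)
        server = http.server.ThreadingHTTPServer(("127.0.0.1", 0), handler)
        threading.Thread(target=server.serve_forever, daemon=True).start()
        try:
            port = server.server_address[1]
            return is_private(f"http://127.0.0.1:{port}/xoops_trust_path/check.php")
        finally:
            server.shutdown()
            server.server_close()

if __name__ == "__main__":
    print("trust path inside DocumentRoot private?", probe_layout(True))
    print("trust path outside DocumentRoot private?", probe_layout(False))
```

Against a real site, `is_private()` can be pointed at the URL a file under the trust path would have if it were web-reachable; a redirect or a 200 counts as not private.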




55
Kiwi_Chris
Re: problems on module Planet Cloning
  • 2009/4/3 10:45



What is planet and where can I download it?



56
Kiwi_Chris
Security Question [Cross-site scripting (XSS)]
  • 2009/4/3 10:42



Hi, a friend of mine made a comment that my site may have security holes
and suggested I read up about the Google XSS hole.

It makes for interesting reading.

I just thought I would ask XOOPS Experts, do you think the XOOPS CMS is at risk?

Or what measures should I take to protect my site and my users?

Your help is much appreciated.

Thank you.



57
Kiwi_Chris
Re: new version yogurt module
  • 2009/4/1 8:00



Me Three.



58
Kiwi_Chris
Re: Yogurt.. let's start hacking
  • 2009/3/31 15:55



Hi all,

I would like help in making it possible for members to comment on photos in the yogurt module, like you can for xcgal etc, any tips for adding this?

I have tried the comment anywhere module and it works for most modules but not Yogurt. My users are wanting to comment on photos.



59
Kiwi_Chris
Re: Module Repository: Question and Answer Session
  • 2009/3/30 3:52



Module Funding?

E.g. the Yogurt Module:
those that are interested in this module's development can donate via xoops.org in the same area as the Module download.
Xoops.org takes a percentage and the "Team" working on the Module also gets a percentage, hence providing a direct reward for the success of the module and the need for its development, and a way to attract more developers to XOOPS.


I hope I have described my point so you understand my point.







60
Kiwi_Chris
Re: Yogurt.. let's start hacking
  • 2009/3/29 22:02



Hi all,

Love that people are getting involved in Yogurt again.

I use it for a main part of my site, so I am very interested in the development. I also feel there is very little choice in the market for good open source social networking sites.

I really feel Yogurt has very good promise.

I would like help in making it possible for members to comment on photos in the yogurt module, like you can for xcgal etc, any tips for adding this?

I have tried the comment anywhere module and it works for most modules but not Yogurt. My users are wanting to comment on photos.



