Posted on: 2004/7/20 5:11
Re: someones Security Problem
this thread doesnt make sense and is causing undue alarm.
You ar insinuating its XOOPS. It's not.
Well, I don't think that's entirely true. There is obviously something about the way XOOPS does sessions that, on certain servers, causes problems. If there wasn't, it wouldn't have happened on our
site as well!
Just because it doesn't happen to everyone doesn't mean it's not a bug. We just have to figure out why it happens, and how to get rid of it.
Now, for us the solution was to turn custom session handling off. At least, no-one has reported the problem since then! So what is it about custom session handling that could cause this, and what are the common factors in the servers that have exhibited the problem? That's the line of questioning we should follow. I don't think it's terribly helpful to suggest that the original poster is at fault because it couldn't possibly be XOOPS
BTW, we modified no core XOOPS files.
Oh, and if you wanted to see 'undue alarm' you should've seen the other site admin and myself on Sunday night when we discovered the security problem, about an hour after the site went live!