1
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 10:52

  • xguide

  • Just popping in

  • Posts: 43

  • Since: 2005/5/11


I do not need to compete with you. Because I think it is not fair to compete with people who do not have same competences on same category. You do not read my first post and you try to create competition here to make your point. I think you have other plans and different agenda to XOOPS because you do not have competences to code your application and create your community. It let me think you try to manipulate XOOPS users opinion for your interest. My first post was:

Quote:
Programmers are busy with code and moderators with support.
Users can visit frequently the security site:

here

Users can report to developers security problems.
It is easy way to contribute.

Good Luck.


You are off topic and you do not understand it is important to users to update modules and protect at minimum XOOPS sites. XOOPS needs users to contribute because it is an open source project. It is not me your problem. It is your lack of competences to code your own secure module or application, create your community and your interest over xoops. It is not my interest to lose time with people like you. Act intelligent and do not lose your time to reply. You have nothing to teach me. The problem is XOOPS authentication for business professional. I

Good Luck.



2
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 9:05



You read my first post and you tell me it is totally against XOOPSiquette? But you do not moderate people who do stupid comments after?
Because of stupid comments programmers do not contribute and XOOPS users are stuck because XOOPS do not have competent developers. I do polite comment to moderators and developers about kernel, token, session, and show 10 days ago user data vulnerability without good scan authentication. Again I do not have any other obligation. It was my free contribution.

Good Luck.



3
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/8 8:25



Because of stupid comments of ignorant Mr. JAVesey, vaughan, John_N (wish you good luck with your zarilla project).


I resume constructive comments to XOOPS users :

"As several posters have said, keeping core and modules up-to-date is one of the best things people can do"
davidl2, Forum Moderator


"Apache has mod_security, XOOPS has Protector,
Windows has security add-ons, Linux has security add-ons."
skenow

Remember to install module Protector from Mr. Gijoe site
http://xoops.peak.ne.jp/

Xoops need an extra module to be less vulnerable. It is not part of core. Actual XOOPS core do not provide that minimum security.

10 days ago connection from same IP with last 3 users accounts, moderators and admins last login.
10 days ago connection from 3 different IP, Austria, Germany and Switzerland with switch 6 users accounts.

Do not keep important users data on your XOOPS site.


I repeat my first post:

Programmers are busy with code and moderators with support.
Users can visit frequently the security site:

here

Users can report to developers security problems.
It is easy way to contribute.


After audit code and I do polite comment to moderators and developers about lack of authentication layer. I am moving sites from XOOPS 2.0.16, 2.2, XOOPS Cube joomla and drupal. Because these project developers are coding new core and it is not secure for business professional.

I have no obligation to contribute and I do polite comment.
But you reply with stupid comments. Ask Mr. Herko Formerly XOOPS.org project manager to achieve administrative task.

Good Luck.



4
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/7 18:01



PM: davidl2 Re: Security 2007/3/27
PM: phppp authentication layer 2007/3/31

"Information was sent to moderators and core member. But I do not have any obligation to contribute or to code. I do audit to client to move to new cms. It was politest to comment and advise members of this project about security problems they already know they need to code new core."

The core was hacked 10 days ago, not the modules. You do stupid comments because XOOPS it is not your business product but an open source project and with your attitude professionals do not come to help you. Again you do not know what you are talking about, read XOOPS code and say there is not token. My clients are moving from xoops, XOOPS 2.0.16, 2.2, xoopscube, joomla and drupal to java cms.
It is business professional choice. I do a polite comment to XOOPS users because they need at minimum a module like protector it is not part of the core. But only stupid people reply useless to show ignorance! I do not use any xoops.

Good Luck.



5
xguide
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 6:33



I can not give support if you install any xoops.org version just advise you to visit Mr. Gijoe site to get the module protector and learn to protect your site.

http://xoops.peak.ne.jp/

Good Luck.



6
xguide
Re: where do i put the avatars
  • 2007/4/7 6:29



You should know it is not secure to use XOOPS avatars.
Xoops.org remove this user feature to secure this site.
This vulnerability could allow a remote attacker to execute arbitrary code on a vulnerable system by introducing a specially crafted image.

Good Luck.



7
xguide
Re: Is 2.2.3 final hacker proof ?
  • 2007/4/7 6:16



No it is not secure. And you can read it is not recommended by XOOPS project team.

Good Luck.



8
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/7 6:11



Quote:

JAVesey wrote:
Quote:
vaughan wrote:

i said that protector module will stop practically most of the exploits that you brought up in that security focus.


xguide was also told that the reports relate to old and subsequently updated modules yet still goes on and on and on and on..............

@xguide
If you don't read posts or don't understand what is said in them, are so concerned about security and think that the XOOPS core and the current modules are vulnerable then why not use a different CMS and see how you get on with it?

Much better than your continuing to post outdated drivel on here and taking other users time to correct your misunderstandings and inaccuracies.


Mr. JAVesey,
You do not understand the problem. Your ignorance it is not your fault. But you can look at those which make worse, there is no merit, but try to look those which do better you will learn and look more intelligent.
Users need alert message to secure their XOOPS sites.
You should know GPL it is not good for business. Please learn before reply. If many users post about security problems it is not good for project but it is interest to capitalize knowledge with adds.
I tell you for free about XOOPS security problems. Last week we discuss about lack of security layer of XOOPS and different developers code have made the core a patchwork. It was demonstrated here how easy it is to hack xoops.org site accounts and user data.
Information was sent to moderators and core member. But I do not have any obligation to contribute or to code. I do audit to client to move to new cms. It was politest to comment and advise members of this project about security problems they already know they need to code new core.
It is important to remember members to update modules and server software. Because xoops.org repository it is not up to date. And the XOOPS distributed package is not secure because its core only provides a simple token system. Users need extra protection. They need at minimum a module like Protector but this module does not come with XOOPS package.

Good Luck.



9
xguide
Re: Xoops and Modules Vulnerabilities
  • 2007/4/6 6:21



Do you know a programming language and you think Ajann contribution is not good to secure xoops? Users do not need alert and you think it is better to see victims of hacks on the forums?

Read a good article with good decision to do with future XOOPS development.

"We are trying to get the word out there to developers that they have at least one brand new security consideration that they didn't have before," said Chess, who co-authored the report.

"Usually we security guys are coming along long after the fact. But this time, we have a chance to fix the problem before it really matters."

"This is a case where even educated developers didn't know it was a big deal because even the security community didn't know it was there," Chess said.

oice to make," said Fortify's Chess. "In terms of disclosing details about a vulnerability, the right thing to do is to tell the developer about it and give them a chance to patch it.

"But the problem here is that we are talking about a vulnerability that is in so many different frameworks and there are so many people not using frameworks, that we want to give everyone a chance to fix it at once, and that meant announcing it," he said.

http://www.securityfocus.com/news/11456



10
xguide
Xoops and Modules Vulnerabilities
  • 2007/4/4 16:18



Programmers are busy with code and moderators with support.
Users can visit frequently the security site:

here

Users can report to developers security problems.
It is easy way to contribute.

Good Luck.



