Support Forums - All Posts - XOOPS Web Application System

1

Re: Security regarding the plain text login of Xoops 2.0

2008/11/9 19:03
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

well even md5 is insecure.

but on the regard of https as default..

for the ability to use https, your server needs to have a verified SSL certificate that has been registered with the certificate authorities. and that costs money. not everyone uses it, and it's only really necessary for sites that have dealings with cash or credit card details or confidential information.

but just because you use SSL doesn't mean it's secure.. the transport is encrypted yes, but it doesn't protect you from the middle man if your site has been breeched, as then they will have access to the plain content aswell as the encrypted layer and public keys.

2

Re: WF-Downloads 3.2, unable to upload

2008/11/3 16:40
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

Quote:

Current Upload Path:http://www.r-b-c.info/uploads/files

is wrong.

Quote:

Note. Upload Path *MUST* contain the full server path of your upload folder.

the upload path in preferences must be the full path, not URL.

so in your instance, it should be

/home/rbcinfo/public_html/rbc/uploads/files

3

Re: WF-Downloads 3.2, unable to upload

2008/11/2 16:01
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

make sure you have defined the uploads path properly and that it has the correct permissions.

allow_url_fopen does not have to be enabled for wfdownloads to work.

4

Re: XOOPS 2.3: WF-Links & MyTube compatibility

2008/10/24 17:42
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

Quote:

The recent repeated comments on ICMS forums from your leaders trying to scare people, and your above negative announcement related to XOOPS 2.3, shows clearly that there is a lot of FUD coming from ICMS side. Because you're on the other side of the fence, I'm sure you'll see things differently

scare people, i don't see it like that.

i have seen comments from people saying that some modules do not work on XOOPS 2.3 because there are some changes that have been made which can break compatibility with XOOPS 2.0 modules. and if you think that is scaremongering, then i think you are also holding a huge grudge towards them, and in which case you can't offer an unbiased opinion about them.

so what are the changes from XOOPS 2.0.x and 2.3.1? there is no information at all. module developers are having to do trial and error.

there is differences YES. for 1 instance. in XOOPS 2.0, mail was using function &getMailer() but in 2.3 this function was renamed to xoops_getMailer()

that 1 simple change is enough to break compatibility because unless the module developer changes references to that in his modules, then mail system of the module will not work.

without proper information on changes like that, how do developers know what to do and what to look out for?

i can see their anger over there, and i can also see their point to an extent. It WAS promised by XOOPS devs that ALL modules that currently work with XOOPS 2.0.18 will work with XOOPS 2.3, but that isn't true, because clearly they don't all work.

5

Re: 2.3.1 - Administrator username changed to Administra

2008/10/19 21:47
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

Quote:

GPboarder wrote:

I was viewing the profile of the Administrator account and making changes to the field I have called birthday.

that is pretty clear english to me. he was making changes to the birthday field, not the username. i am not wrong.

but lets wait for gpboarder.

6

Re: 2.3.1 - Administrator username changed to Administra

2008/10/19 16:01
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

ok i concede ;)

i realise americans don't have a sense of humour. otherwise Mcain would be president by now

7

Re: 2.3.1 - Administrator username changed to Administra

2008/10/19 15:52
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

Quote:

Now that's a flame......

correct! but my previous wasn't. i'm glad someone here knows the difference between a flame and sarcasm.

back on topic, there is obviously something wrong somewhere which is not user error, and that was my whole point.

8

Re: 2.3.1 - Administrator username changed to Administra

2008/10/19 15:40
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

but javesey, he didn't even change his username, he only changed his birthdate, but his username was changed also, and that is not correct operation. the only field that should have been changed was the birthdate.

9

Re: 2.3.1 - Administrator username changed to Administra

2008/10/19 15:36
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

if that's what you call a flame, you need to read a dictionary.

so lets put this into perspective shall we.

1. GPBoarder created an account with the name "Administrator".
2. he was able to login using the name "Administrator" because that is what his username was.
3. he edited his profile, but he did NOT change his username or want to change his username.
4. he submitted his changed birthdate in his profile, but he did not change or want to change his username.
5. he logged out.
6. he tried to login again with his username of "Administrator" as he had done so many times before.
7. He was unable to login.
8. he discovered that his username had been changed to "Administra".
9. he now has to login with the username "Administra" instead of his usual "Administrator" name.

now tell me that there is not a bug, why was his username changed when he didn't even attempt to change his username, only the birthdate field should have been changed.

please tell me that that is not a bug, and from what you are saying it is proper behaviour? because in my eyes that is totally wrong.

10

Re: 2.3.1 - Administrator username changed to Administra

2008/10/19 15:04
yeppers
Just popping in
Posts: 27
Since: 2008/9/15

no.. maximum length in a form field should determine how many characters you can type into that field. do you guys know basic HTML or what? or has HTML and basic programming been changed?

maximum characters in a form field does not mean it will be truncated.

does that mean the password field which has a maximum length of say 12 characters will be truncated if you enter a 16 character password? which effectively is changing your password to something different.

please go read HTML handbook.

if a field has maxlength of 10 characters it would be impossible for you to enter the word administrator because that is over 10 characters. the word is not being truncated in that case, it is simply stopping you from even typing in more than 10 characters. truncating means that a word or text will be cut off. ie a simple use of truncating is when a description is truncated in order to give you a summary of that description.

maxlength of 10 = you can NOT enter more than 10 characters, i mean physically you should not be able to type in more than 10 characters. but in this case you can enter more characters than the maxlength, but is being truncated, and that is not proper operation.

Stats
Goal:	$100.00
Due Date:	Apr 30
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Forum Index

Re: Security regarding the plain text login of Xoops 2.0

Re: WF-Downloads 3.2, unable to upload

Re: WF-Downloads 3.2, unable to upload

Re: XOOPS 2.3: WF-Links & MyTube compatibility

Re: 2.3.1 - Administrator username changed to Administra

Re: 2.3.1 - Administrator username changed to Administra

Re: 2.3.1 - Administrator username changed to Administra

Re: 2.3.1 - Administrator username changed to Administra

Re: 2.3.1 - Administrator username changed to Administra

Re: 2.3.1 - Administrator username changed to Administra

Login

Search

Recent Posts

Re: Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Rebuilding and Updating a 20 years old Xoops Website from 2.0.18? to 2.5.11

Re: NewBB v 5.1.0 b 6

Re: NewBB v 5.1.0 b 6

NewBB v 5.1.0 b 6

Re: XOOPS 2.5.11 search user is not working

Re: oledrion

Re: oledrion

Re: oledrion

Re: oledrion

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}