Hi wishcraft, Vaughan, JAVesey and all xoopers.
The issue here is to advise the developer of the problem, and this is completely ignored.
It is a pity that in my country there is not a person who will honestly tell me about a security point, where the problem is, and propose a solution.
This is independent of the CMS being used. But there is a real difference in this approach: verification of entry and verification of removal.
In this case, the module allows the failure to inject the malicious code; that is a fact and is proven.
The developer corrects this problem very quickly. But this does not guarantee that it will be safe. The reason is the output of data. Was the hacker prevented, at the time the module failed, from deploying other code to extract data using common JavaScript?
The answer to this is the way to check the output of data. At this point there is a differential in favour of XOOPS Cube, and XOOPS and ImpressCMS are still vulnerable.
What I am talking about here is based on our experience in suffering with this type of problem, because we already know of some practices used by crackers and idiots who insist on trying to misrepresent the house outside.