hmmm whilst I agree that security is a big issue..
XOOPS is pretty much secure in itself.. and development is ongoing, so I wouldn't worry about that too much..
but I think it would be a really bad idea to create a forum and get everybody posting vulnerabilities or security issues they have found in order for people to be able to fix them. for one, such a forum would become a haven for hackers.. they would no longer need to spend all their time finding ways into people's XOOPS sites, as they can simply then just view that forum and know what vulnerabilities or issues are there and then just go out and do it.. It would help them more than it would help us..
any security issues or vulnerabilities should be discussed in private and not in public..
that's my opinion anyway..
a few tips though..
make sure file and folder permissions are set accordingly..
Install only the modules you actually require and use.. having more than you actually use can increase the risk of someone finding a flaw somewhere..
Keep your server and modules and CMS etc. up to date with the current versions and fixes.. It's surprising how many people don't actually upgrade because they don't want to go through all the hassle of upgrading again and applying hacks.. but unfortunately it has to be done.. (if you have made hacks to files, make a note in a text file or something of every hack you have made and to what file etc.)
I would also suggest a minimum password length of 8 characters
make sure any scripts you have are properly closed after the script has finished (more for programmers)
make sure you trust whoever you give admin rights to..
keep regular checks on your server's access logs, these can be a good source of detecting if somebody is trying to gain access somewhere..
well there's a few, and there's lots I've missed & probably more that I haven't even thought of..