XOOPS 
Forum
Forum Index General Forums Community Support Modules Support Themes Support Development International Support Module Hack Reviews Theme Designer Talk
  1. Board index / 
  2. XOOPS Community Support forums / 
  3. Q and A 
  4.  / Security Problem
Register
21
ajaxbr
Re: Security Problem

  • 2004/6/1 4:00

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


I see, no network problem then.
This scares me a bit and makes me way too curious to leave it alone, so sorry for my insistence. Browsing thru XOOPS code I realized I couldn't identify the core user identification stuff even if it ran over me riding a mad cow , so I went after your other setup stuff.

It seems that Apache 1.3.29 has a cookie bug in mod_usertrack which might be worth a check: apache mainpage and bugzilla entry.

PHP 4.3.4 has a couple funky *printf() bugs and those functions are used to get and put values from/into lots of things (present in 124 files in 2.0.6), perhaps another place to look.

I couldn't see anything suspicious in MySQL 4.0.18, but here's the link with bugfixes anyway.

Perhaps some phpinfo() could give other clues... is mod_usertrack there?
22
ReCkage
Re: Security Problem

  • 2004/6/5 4:09

  • ReCkage

  • Just popping in

  • Posts: 39

  • Since: 2004/5/24


OK some bad news, after a few days of extensive testing, the problem is happening again. This is a major issue, my group has put 2 solid months into creating this portal for a school and it goes in production in 2 weeks. Does anyone have any ideas.
23
ajaxbr
Re: Security Problem

  • 2004/6/5 5:09

  • ajaxbr

  • Quite a regular

  • Posts: 276

  • Since: 2003/10/25


phpinfo(), mod_usertrack?
24
ReCkage
Re: Security Problem

  • 2004/6/5 18:45

  • ReCkage

  • Just popping in

  • Posts: 39

  • Since: 2004/5/24


?
25
ReCkage
Re: Security Problem

  • 2004/6/5 18:55

  • ReCkage

  • Just popping in

  • Posts: 39

  • Since: 2004/5/24


One more problem just found.

We have multiple people in the webmasters group, but now I am not able to delete them from that group.
26
Stewdio
Re: Security Problem

  • 2004/6/5 19:20

  • Stewdio

  • Community Support Member

  • Posts: 1560

  • Since: 2003/5/7 1


Quote:

ReCkage wrote:
One more problem just found.

We have multiple people in the webmasters group, but now I am not able to delete them from that group.


A fix for this will be in 2.0.7
27
JackJ
Re: Security Problem

  • 2004/6/5 19:36

  • JackJ

  • Community Support Member

  • Posts: 747

  • Since: 2003/8/31


Yes, and their is currently a CVS fix

Download this file called main.php

http://www.macambridge.com/main.zip

And upload to:

modules/system/admin/groups/main.php

Backup your original first
28
file2mail
Re: Security Problem

  • 2004/6/11 9:34

  • file2mail

  • Just popping in

  • Posts: 27

  • Since: 2004/5/23


Do you have any caching turned on?
caching of block or modules?

...because i have found caching to produce problems similar to this...

for example, caching of the user login block can cause someone elses login information to be always cached, so when another user goes to login, soemone elses username is already there... this has happened to me on all versions of XOOPS that ive used with caching
29
ReCkage
Re: Security Problem

  • 2004/6/11 13:36

  • ReCkage

  • Just popping in

  • Posts: 39

  • Since: 2004/5/24


No all caching is turn off.

Though when we turned on debugging we noticed that every user ends up with the exact Session ID. Anyone know why I would this be happening.
30
krystinevo
Re: Security Problem

Did this problem ever get resolved?

I'm currently pitching XOOPS to my boss for a members only website (for a non-profit) in which only high-level users will have access to sensitive/confidential documents.

I can just see my head being handed to me on a platter should a regular user inadvertantly gain access to the Executive Director's documents

Thanks muchly,

Kristine
« 1 2 (3) 4 5 6 »

Login

Register now!  |  Lost Password?

Search

Advanced Search

Recent Posts

Who's Online

179 user(s) are online (113 user(s) are browsing Support Forums)

Members: 0

Guests: 179

more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Feb 28
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits