Re: Security Problem [Q and A] - XOOPS Web Application System

41

Re: Security Problem

2004/7/10 2:48
nick89
Just popping in
Posts: 47
Since: 2004/7/9 8

How does your SERVER handle cookies?
if it doesn't record them - OR - it puts them all together than there would be a serious override issue (i think)

42

Re: Security Problem

2004/7/13 3:44
ReCkage
Just popping in
Posts: 39
Since: 2004/5/24

Anyone have any suggestions.

43

Re: Security Problem

2004/7/13 9:17
ajaxbr
Quite a regular
Posts: 276
Since: 2003/10/25

Either disable your modules and see if the problem persists or create another barebones install on the same server to see whether the problem is caused by your modules?

44

Re: Security Problem

2004/7/13 18:24
ReCkage
Just popping in
Posts: 39
Since: 2004/5/24

I have already gone through each module and none of them are causing the problem. Also the XOOPS site that we created has been customized to meet our needs and would require way to much work to start from scratch.

45

Re: Security Problem

2004/7/16 21:39
ajaxbr
Quite a regular
Posts: 276
Since: 2003/10/25

Quote:

ReCkage wrote:
I have already gone through each module and none of them are causing the problem. Also the XOOPS site that we created has been customized to meet our needs and would require way to much work to start from scratch.

And that can be the very cause of your problems, this customization. You could simply find another server (if you want mine, PM me) and install a complete mirror there (database + files). That would make it clear whether you have server or CMS problems. If we find that it's the CMS, you can try solving it more aggressively in the mirror (I didn't mean "turn each module off", I meant "turn'em all off

).

46

Re: Security Problem

2004/7/18 9:08
Basie
Just popping in
Posts: 12
Since: 2004/7/3 2

We are now experiencing what sounds like exactly the same problem. Visitors go to the site and find they are already logged on as somebody. Obviously this is a serious (and not isolated) security issue!

We're running v2.0.7.

47

Re: Security Problem

2004/7/18 9:22
nick89
Just popping in
Posts: 47
Since: 2004/7/9 8

I swear its a cookie problem.

48

Re: Security Problem

2004/7/18 9:29
Basie
Just popping in
Posts: 12
Since: 2004/7/3 2

Ok, we turned off custom session handling and the user who reported being logged in as somebody else was no longer able to do so.

???

Scary.

49

Re: Security Problem

2004/7/18 9:40
Basie
Just popping in
Posts: 12
Since: 2004/7/3 2

If a developer would like to look at our site, I think we would be willing to provide admin level access to it. PM me, I'll keep checking this thread and PM's.

50

Re: Security Problem

2004/7/19 4:01
ReCkage
Just popping in
Posts: 39
Since: 2004/5/24

We have tried seperate servers already, and the problem occured on both, and I know we have made some major changes to how XOOPS works but the problem was happening before the customization were done, we were hoping to have the problem fixed so we just kept on going with the construction. right now i have my programming team editing the 2.0.7 update since we cant just do a direct update. That should be done in the next few days.

And like the previous user said, a this point I would also be willing to give a XOOPS developer admin access to our site. We are now 2 weeks over our sceduled launch, and now have pushed it back another 4 months. Since this is a portal system created for a university and we must meet all the security concerns of the school we cannot have any problems before release.

Please PM if you are an admin willing to take a look.

Stats
Goal:	$100.00
Due Date:	Feb 28
Gross Amount:	$0.00
Net Balance:	$0.00
Left to go:	$100.00

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Re: Security Problem

Login

Search

Recent Posts

Re: Choice of editors for the Newbb module

Re: Choice of editors for the Newbb module

Re: Choice of editors for the Newbb module

Re: Choice of editors for the Newbb module

Re: Choice of editors for the Newbb module

Re: Choice of editors for the Newbb module

Choice of editors for the Newbb module

Re: AI circumvent anti spamm

Re: AI circumvent anti spamm

AI circumvent anti spamm

Who's Online

Donat-O-Meter

Latest GitHub Commits

{{ record.sha.slice(0, 7) }} - {{ record.commit.message | truncate }}