    • Author: markezz
    • Time: Apr 10th 2008
    • Comment #1
    I started this discussion because of many security issues in some of Vanilla's extensions, including MySQL injection (see also brandocs post on the WhosOnline extension) and actions users can perform (delete, edit rows from extension-specific tables) even if they are not logged in. I did a lot of rework on the plugins I use on my testing site. The changes will be sent to the plugin authors as soon as possible.

    Another point is that some of the plugin authors don't seem to use the framework's mighty functionalities... Many of the extensions are for use with MySQL only because they use native functions like "mysql_query". Better use the SqlBuilder instead, just to give an example.