vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   vBulletin.org Site Feedback (https://vborg.vbsupport.ru/forumdisplay.php?f=7)
-   -   Are plugins safe? (https://vborg.vbsupport.ru/showthread.php?t=109041)

Andreas 02-27-2006 09:15 PM

File Datastore doesn't unserialize.

@Paul M
I didn't say that using a certain plugin is always a security risk; I said that using custom modifications (e.g. that includes all modifications) is always a security risk.

If there were only two plugins, one that echoes "Hello World" and another one that makes the calling user admin.
Now, if there is the question "Are plugins safe?", what would you answer without going into detail for specific hacks, etc.?

Trigunflame 02-27-2006 09:20 PM

Quote:

Originally Posted by Andreas
File Datastore doesn't unserialize.

The file-based datastore may not serialize, but my original point still stands :)

Regardless, it's still loading uncompiled data in that pluginlist array, which is stored in memory during the request.

PS. Forgot about it using var_export; I've always used eaccelerator personally.

tehste 02-28-2006 01:55 PM

Quote:

Originally Posted by Trigunflame
The file-based datastore may not serialize, but my original point still stands :)

Regardless, it's still loading uncompiled data in that pluginlist array, which is stored in memory during the request.

PS. Forgot about it using var_export; I've always used eaccelerator personally.

Trigun, have you benchmarked a board using your accelerator against the file datastore? I would be interested in the results.
I'm genuinely interested in this, by the way; it's not a redundant question.

Maybe there should be more tick box things (in the forthcoming, elusive, hack db) like:
inserts to db
changes permission stuff
could mess up
etc.
A little self regulation could help people make the right choice :)

Cap'n Steve 03-03-2006 06:26 AM

Quote:

Originally Posted by Andreas
Using custom modifications is always a security risk!

Running any kind of code is a security risk. You just trust Jelsoft to write better code than most.

Erwin 03-04-2006 01:01 AM

People with multiple web servers can't really use file datastore and have to use either eA or memcache, which have their own issues.

Robbed 03-04-2006 01:05 AM

Even if you use no hacks, it can still be a security risk lol

Code Monkey 03-04-2006 02:47 AM

Leaving your home is a security risk.
Using the telephone is a security risk.
Having friends is a security risk.
Drinking tap water is a security risk.
Etc., etc., etc......

