The Arcive of Official vBulletin Modifications Site.It is not a VB3 engine, just a parsed copy! |
|
|
|||||||
|
#1
05-26-2011, 10:15 PM
|
||||
|
||||
Modification Security
With the recent SQL Injection issues present in a lot of plugins, it would be great if there were a way for VB.org to automate modification security audits (on attaching files to thread), this way it would save you the time of manually auditing and us getting our forums hacked.
|
|
#2
05-26-2011, 10:26 PM
|
||||
|
||||
|
There is a plugin out there, implementing cracker tracker, which is a php-allround-security solution.
https://vborg.vbsupport.ru/showthread.php?t=110030 I just checked the code, it should work with all current vbulletin versions as well, since it doesn't rely much on vbulletin structures. You might want to check that out if you're that concerned.
|
|
#3
05-27-2011, 06:29 PM
|
||||
|
||||
|
Quote:
|
|
#4
05-27-2011, 07:22 PM
|
||||
|
||||
|
I think I'm gonna start a security plugin tomorrow. Can't believe there isn't something around here yet.
|
|
#5
05-27-2011, 07:22 PM
|
||||
|
||||
|
Automated modification security? I can't even imagine writing the script to do that. Besides that, we like mods to be uploaded as zip files so all the files are together in one place.
And, as Joe stated, we've had one plugin lately that had a security problem. The last time we had something quarantined for a security reason was last June.
|
|
#6
06-21-2011, 07:06 AM
|
||||
|
||||
|
Quote:
According to the vb.com thread about the latest SQL injection issues, a ton of plugins are currently susceptible, but no one really knows until they get hacked. A few plugins that were confirmed to be insecure (some got fixed) were "Advanced Rules" and "Admin Log In As User".
|
 |
«
Previous Thread
|
Next Thread
»
Linear Mode
|
|
All times are GMT. The time now is 01:12 PM.