

1CMS:  New Security Filtering
 
In an effort to increase security, today I tried to implement some of the new security filtering practices first seen in PHP-Nuke 7.9. Unfortunately, I discovered some major flaws in that new function, including the fact that it strips 99% of the HTML editor's formatting rules.

The bottom line is that the filtering rules included with PHP-Nuke 7.9 (and Patched 7.9) are simply wrong, and I will need to set up another test domain to figure out exactly how to fix them, though I already have several ideas on the subject.

The intention is to get to a point where all queries are pre-filtered against rules that define permissions and prevent XSS and other known vulnerabilities.

The upside is that once every input field has been defined this way, it should really "harden" Nuke against vulnerabilities that have been "Patched" (band-aided, if you will) since Nuke's inception.

The downside is that once again, every block and module will need to be recoded along with Nuke's primary files and all includes.  A great deal of work to say the least.

Anyway, work continues in that direction.
Thanks for your patience while I try to make "1CMS" ready for distribution!

Steph Benoit (64bitguy)
Webmaster, "1CMS" Developer

Posted on Wednesday, October 12, 2005 @ 12:14:28 EDT by 64bitguy