Sentora - General Security Warning ?
#17
RE: Sentora - General Security Warning ?
(03-20-2015, 04:14 AM)KwiceroLTD Wrote:
(03-19-2015, 07:47 AM)TGates Wrote: Yes, we know there are no known flaws in security right now. They have not shown any proof that the current release has any. If they do find them and post them up, we of course will jump right on it!

EDIT: They provided proof and good examples of the issues. Now we have something to work from than just 'vulnerabilities' LOL

I'm saddened by your immaturity on this matter. Security is very important.
There are multiple, MULTIPLE issues in this, and I don't even do auditing for a living or as a hobby.

Code:
$sql = $zdbh->prepare("INSERT INTO $database.$table_name $insert");

Just a prime example, a safer practice would be:

Code:
$sql = $zdbh->prepare("INSERT INTO ?.? ?");
$sql->execute(array($database, $table_name, $insert));

Therefore removing the possibility of SQL injection.

As a note on this one, the devs did go through the panel and convert to PDO bound parameters; ones like these must have just been an oversight. Thanks for notifying us. This is the feedback we need.
-TGates - Project Council
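
The `INSERT INTO $database.$table_name $insert` line quoted above interpolates identifiers, and PDO placeholders bind values only, so table and column names have to be checked against an allow-list before they reach the SQL text. The following is an added example, not part of the thread and not Sentora's code; the `ALLOWED` map, the `safeInsert()` helper and the `customers` table are hypothetical, and in-memory SQLite is assumed so it runs offline.

```php
<?php
declare(strict_types=1);

// Constructed allow-list (not Sentora's schema): every identifier that may
// ever be interpolated into SQL text is listed here as a constant.
const ALLOWED = [
    'customers' => ['name', 'email'],
];

function safeInsert(PDO $db, string $table, array $row): int
{
    if (!array_key_exists($table, ALLOWED)) {
        throw new InvalidArgumentException('table not allowed');
    }
    $cols = array_keys($row);
    if ($cols === [] || array_diff($cols, ALLOWED[$table]) !== []) {
        throw new InvalidArgumentException('column not allowed');
    }
    // Identifiers passed the allow-list check; values travel as bound parameters.
    $marks = implode(', ', array_fill(0, count($cols), '?'));
    $stmt  = $db->prepare(
        sprintf('INSERT INTO %s (%s) VALUES (%s)', $table, implode(', ', $cols), $marks)
    );
    $stmt->execute(array_values($row));
    return (int) $db->lastInsertId();
}

// In-memory SQLite keeps the demo offline; the same pattern applies to MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');

// A placeholder in identifier position is not accepted as a table name.
try {
    $db->prepare('INSERT INTO ? (name) VALUES (?)');
} catch (PDOException $e) {
    echo "placeholder as table name: rejected by the driver\n";
}

// Hostile text in a value is stored as data, not executed.
$id = safeInsert($db, 'customers', ['name' => "Robert'); --", 'email' => 'r@example.test']);
echo "stored row $id: ", $db->query('SELECT name FROM customers')->fetchColumn(), "\n";

// Hostile text in an identifier never reaches the SQL string.
foreach ([['customers; --', ['name' => 'a']], ['customers', ['name) --' => 'a']]] as [$t, $r]) {
    try {
        safeInsert($db, $t, $r);
    } catch (InvalidArgumentException $e) {
        echo 'refused: ', $e->getMessage(), "\n";
    }
}
```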
