Forum

This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.
Sentora Support Forums General Forums - (Non-Sentora Support) General Discussions (Non-Support Related) v Sentora - General Security Warning ?

Sentora - General Security Warning ?
KwiceroLTD Offline
Sentora Member
*
OS: Debian Wheezy
Version: 1.0.0
Server: Dedicated
Posts: 14
Threads: 1
Joined: Mar 2015
Reputation: 1
Thanks: 3
Given 0 thank(s) in 0 post(s)
#6
RE: Sentora - General Security Warning ?
 03-20-2015, 04:14 AM
(03-19-2015, 07:47 AM)TGates Wrote: Yes, we know there are no know flaws in security right now. They have not shown any proof that the current release has any. If they do find them and post them up, we of course will jump right on it!

EDIT: They provided proof and good examples of the issues. Now we have something to work from then just 'vulnerabilities' LOL

I'm saddened by your immaturity on this matter. Security is very important.
There are multiple, MULTIPLE issues in this, and I don't even do auditing for a living or as a hobby.
Code:
$sql = $zdbh->prepare("INSERT INTO $database.$table_name $insert");

Just a prime example, a safer practice would be:
Code:
$sql = $zdbh->prepare("INSERT INTO ?.? ?");
$sql->execute(array($database, $table_name, $insert));

Therefore removing the possibility of SQL injection.
My opinions are mine and mine alone. They do not reflect the opinions of my company, staff, and it's affiliates.
Find
Reply
Thanks given by:


Messages In This Thread
Sentora - General Security Warning ? - by Active8 - 03-19-2015, 02:06 AM
RE: Sentora - General Security Warning ? - by KwiceroLTD - 03-20-2015, 04:14 AM

Possibly Related Threads…
Thread Author Replies Views Last Post
2 hosted domains on sentora. only 1 resolving kevwebbie 6 219 11-16-2024, 12:52 PM
Last Post: TGates
Can anyone suggest best Sentora alternative servermaster 3 1 ,488 11-15-2024, 05:39 PM
Last Post: billmorgan
Sentora 2.0 Beta Ron-e 6 14 ,736 01-01-2022, 11:56 AM
Last Post: TGates

Forum Jump:


Users browsing this thread: 9 Guest(s)