CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.

Author Topic: Security testing  (Read 1074 times)

xavier

  • Forum Godess / God
  • I’m (like) Lobo ;)
  • *****
  • Posts: 4453
  • Karma: 161
    • Tech To The People
  • CiviCRM version: yes probably
  • CMS version: drupal
Security testing
July 30, 2008, 10:13:00 am
Hi

Just read about ratproxy
http://code.google.com/p/ratproxy/wiki/RatproxyDoc

Is this something that one of you has used on CiviCRM?

X+
-Hackathon and data journalism about the European parliament 24-26 jan. Watch out the result

Donald Lobo

  • Administrator
  • I’m (like) Lobo ;)
  • *****
  • Posts: 15963
  • Karma: 470
    • CiviCRM site
  • CiviCRM version: 4.2+
  • CMS version: Drupal 7, Joomla 2.5+
  • MySQL version: 5.5.x
  • PHP version: 5.4.x
Re: Security testing
July 30, 2008, 11:42:04 am

No, but it would be super awesome if you installed it, played with it and then let us know whether we should use it and why. If so, maybe you can step up and be the community security lead and liaison for CiviCRM?

In 2.1, we've integrated with http://php-ids.org. We are fairly happy with the focus and direction of that project (and also the response time to some of our queries).

lobo
A new CiviCRM Q&A resource needs YOUR help to get started. Visit our StackExchange proposed site, sign up and vote on 5 questions

xavier
Re: Security testing
July 31, 2008, 12:30:17 pm
Installed. So far, it plays with me much more than I play with it, but the things that it throws might end up meaning something.

First impression: it looks like the search ajax api is called every time a page loads. Not a security issue, but it increases the load on the server for no reason.

It might as well be that I didn't understand at all what it says (very true), but I've checked with Firebug and it confirms my impression.

To be continued...

X+

P.S. If someone wants to try and is more competent than I am and finds a security issue, please don't publish it here; contact the devs directly and first, so they get a chance to fix it before the problem is public.


This forum was archived on 2017-11-26.