Hi, I've committed code to bakesale and use it myself, I would be interested to hear what you've found. I can also confirm you never contacted the bakesale team. Onto your image:

The system doesn't look like it's released any useful data? The output you're showing is on the demo site, which is deliberately unsecured to allow people to test the admin interface. Were you able to re-create your results on your own server? If you want to help, by all means apply to be a part of the bakesale cakeforge group and commit updated and more secure code; I am sure we would welcome the help. We are soon going to move to 1.2 and will be using the security class you talked about in a post you made 34 hours ago, which should close a few holes. Or if not, how about submitting the holes you've found, ideally with solution code, via our bug tracker on Google Code: http://code.google.com/p/bakesale/issues/list

<rant>
> I'm not trying to make trouble here

You're also not being constructive; don't just troll without even talking to the people who can change things for the better, or fully understanding what you're criticizing.

> So, if you're
> thinking about using BakeSale, make sure that you take a good look at
> the code before you use it, especially if you're going to be saving
> credit card numbers in your database.

Bakesale does NOT store CC information, it uses external payment gateways e.g. PayPal.
</rant>

Drayen.

On Aug 1, 3:38 am, housebolt <[EMAIL PROTECTED]> wrote:
> There's nothing to disclose. I haven't given out anything, and it's
> blatantly apparent. There is not one single security measure in place
> within the code, so I would have to disclose the entire code base.
>
> I'm not trying to make trouble here, I'm just warning people about the
> danger of using BakeSale "straight out of the box".
>
> I would be fine if they were marketing it as a basic starting point
> for building a shopping cart, but they're making it out to be a
> complete product.
>
> On Jul 31, 7:30 pm, "Dr. Tarique Sani" <[EMAIL PROTECTED]> wrote:
>
> > On 8/1/07, housebolt <[EMAIL PROTECTED]> wrote:
>
> > > I was just taking a look at bakesale for some ideas on building my own
> > > shopping cart.
>
> > > Please don't use bakesale in its current form without looking into its
> > > security issues.
>
> > Did you contact the developers of Bakesale about this before disclosing here?
> > If yes what was the response?
>
> > Tarique
>
> > --
> > =============================================================
> > Cheesecake-Photoblog: http://cheesecake-photoblog.org
> > PHP for E-Biz: http://sanisoft.com
> > =============================================================
