Hi Kai,

oxchkversion is not implemented in standard delivery. It has to be downloaded from exchange: http://www.oxid-esales.com/en/exchange/extensions/oxchkversion

Regards
Marco

-----Original Message-----
From: [email protected] [mailto:[email protected]] On behalf of Kai Gazmaga
Sent: Monday, 13 September 2010 12:12
To: [email protected]
Subject: Re: [oxid-dev-general] Antw: oxchkversion.php potential security-flaw?

Hi all,

this hint sure is good, but I am convinced, many - especially CE-Users - do not know about it or simply forget or do not care. If one does not want to alter the script itself, I would prefer to remove it from the standard-shipping-package and offer it as a download (maybe in oxid exchange or in the wiki-downloads). This gives the functionality to those who need it, but reduces security-issues in a standard-shop-installation.

Regards,
Kai

On 13.09.2010 08:44, [email protected] wrote:
> Dear all,
> well, there's a comment from Marco stating that you should always delete
> oxchkversion after using it:
> http://www.oxid-esales.com/de/news/blog/shop-checking-tool-oxchkversion-v3#comment-6794
>
> Regards,
> Martin
>
> >>> Kai Gazmaga <[email protected]> 13.09.2010 01:22 >>>
> Hello all together,
>
> As I used the oxchkversion.php last days I came to the belief it could
> be a potential risk. If someone wants to attack an oxid-shop, the
> offender can see exactly, which fixes are in the shop and analyze how
> to attack best. Would it not be better to integrate this function into
> the backend, or even secure it by requesting an admin-password?
>
> Regards, Kai
>
> ------------------------------------------------------------------------
>
> *Vektor*Design - Web-Programmierung
>
> Kai Gazmaga
> Neue Strasse 83
> 89 073 Ulm
>
> Tel.: 0731 / 37 81 953
> Fax: 0731 / 37 81 952
>
> Mail: [email protected]
>
> Web: http://www.vektordesign.de

_______________________________________________
dev-general mailing list
[email protected]
http://dir.gmane.org/gmane.comp.php.oxid.general
