Oh - wow - how wrong I was. Sorry! I have two shops I used it the on last few days. Both had that file, when I first saw the directory. I assumed it is in the standard delivery, but did not verify.
Regards, Kai Am 13.09.2010 12:31, schrieb Marco Steinhaeuser: > Hi Kai, > > oxchkversion is not implemented in standard delivery. It has to be downloaded > from exchange: > http://www.oxid-esales.com/en/exchange/extensions/oxchkversion > > > Regards > Marco > > > > -----Ursprüngliche Nachricht----- > Von: [email protected] > [mailto:[email protected]] Im Auftrag von Kai Gazmaga > Gesendet: Montag, 13. September 2010 12:12 > An: [email protected] > Betreff: Re: [oxid-dev-general] Antw: oxchkversion.php potentialsecurity-flaw? > > Hi all, > > this hint shure is good, but I am convinced, many - especially CE-Users > - do not know about it or simply forget or do not care. If one does not want > to alter the script itself, I would prefer to remove it from the > standard-shipping-package and offer it as a download (maybe in oxid exchange > or in the wiki-downloads). This gives the functionality to those who need it, > but reduces security-issues in a standard-shop-installation. > > Regards, Kai > > > > Am 13.09.2010 08:44, schrieb [email protected]: >> Dear all, >> well, there's a comment from Marco stating that you should always delete >> oxchversion after using it: >> http://www.oxid-esales.com/de/news/blog/shop-checking-tool-oxchkversio >> n-v3#comment-6794 >> >> Regards, >> Martin >> >> >>>>> Kai Gazmaga <[email protected]> 13.09.2010 01:22 >>> >> Hello all together, >> >> As I uses the oxchkversion.php last days I came to the belief it could >> be a potential risk. If someone wants to attack an oxid-shop, the >> offender can see exactly, wich fixes are in the shop and analyze how >> to attack best. Would it not be better to integrate this function into >> the backend, or even secure it by requesting an admin-password. >> >> Regards, Kai >> >> ---------------------------------------------------------------------- >> -- >> >> *Vektor*Design - Web-Programmierung >> >> Kai Gazmaga >> Neue Strasse 83 >> 89 073 Ulm >> >> Tel.: 0731 / 37 81 953 >> Fax: 0731 / 37 81 952 >> >> Mail: [email protected] >> >> Web: http://www.vektordesign.de >> >> >> >> >> >> _______________________________________________ >> dev-general mailing list >> [email protected] >> http://dir.gmane.org/gmane.comp.php.oxid.general >> >> >> _______________________________________________ >> dev-general mailing list >> [email protected] >> http://dir.gmane.org/gmane.comp.php.oxid.general > _______________________________________________ > dev-general mailing list > [email protected] > http://dir.gmane.org/gmane.comp.php.oxid.general > _______________________________________________ > dev-general mailing list > [email protected] > http://dir.gmane.org/gmane.comp.php.oxid.general _______________________________________________ dev-general mailing list [email protected] http://dir.gmane.org/gmane.comp.php.oxid.general
