Ok, extensive research on the subject says that this is indeed the case! Wow. Ok, I amend the previous with that...there are no KNOWN exploits for MPN. PostNuke is still easier to add stuff to and to customize though :) -----Original Message----- From: little bark, BIG BYTE!! [mailto:[EMAIL PROTECTED]] Sent: April 16, 2002 9:22 PM To: Scott Duncan Cc: [EMAIL PROTECTED] Subject: RE: [e-smith-devinfo] Postnuke Security
Who, me? :-) Yes I am, and what you say below about PAM rings true. I would like to say though that although exploits are always possible, NONE of the existing or past exploits that have affected the other Nukes has also affected myPHPNuke. To this date, there have been NO found security exploits for myPHPNuke. A bold statement but true. Garret On Tue, 2002-04-16 at 18:22, Scott Duncan wrote: > > LOL...yer on the dev team aren't you! :) > > Ok, I will say this. If you want to have integrated multi-level access > rights for your content, then MPN is the way to go, it has no competition. > > But just don't try to expand it at all :) > > If you don't care about the integrated security features, then PostNuke is > the way to go. > > ALL of the above have certain exploits that can be used against the admin > features, which brings me back to my original post :) > > The "Nuke-esque" CMS you chose is not relevant if you force PAM to > authenticate the admin files. The sample template I posted will challenge > for the iBay password EVEN IF you set it for "entire internet-no password > required", so it is vital you set the iBay password. > > This WILL foil all remote exploits against these files. > > -----Original Message----- > From: little bark, BIG BYTE!! [mailto:[EMAIL PROTECTED]] > Sent: April 16, 2002 6:51 PM > To: Scott Duncan > Subject: RE: [e-smith-devinfo] Postnuke Security > > I'd have to take issue with the stability statement, and about the mods, > other than for perhaps myegallery. It may not handle too much "playing" > with, but does exactly as advertised: Secure, Integrated and STABLE. :-) > > IMHO > Garret > > On Tue, 2002-04-16 at 16:31, Scott Duncan wrote: > > HUGE difference... > > > > MPN has access level controls, unfortunately all the mods don't quite work > > and is not as stable as Rogue(Postnuke) or PHPNUKE. > > > > I notice a lot of STRANGE stuff whenever I do ANY playing with it. > > > > -----Original Message----- > > From: Brandon Friedman [mailto:[EMAIL PROTECTED]] > > Sent: April 16, 2002 5:07 PM > > To: little bark, BIG BYTE!! > > Cc: Mitel Devinfo List > > Subject: Re: [e-smith-devinfo] Postnuke Security > > > > myphpnuke > > NOT phpnuke? > > Is there a difference? > > > > little bark, BIG BYTE!! wrote: > > > > > myPHPNuke carries the greatest out of the box security of all the Nukes. > > > It is also the most integrated. > > > > > > Garret > > > > > > On Mon, 2002-04-15 at 16:13, Brandon Friedman wrote: > > > > > >>I remember reading a security advisory a while back regarding postnuke? > > >> > > >>Is it still an insecure package? > > >> > > >> > > >>What other packages are available for content management that run on > SME? > > >>-- > > >> > > >>Regards > > >>Brandon Friedman > > >>Cell:083 408 7840 > > >>E-mail: [EMAIL PROTECTED] > > >>www.bfconsult.co.za > > >> > > >> > > >>-- > > >>Please report bugs to [EMAIL PROTECTED] > > >>Please mail [EMAIL PROTECTED] (only) to discuss security issues > > >>Support for registered customers and partners to [EMAIL PROTECTED] > > >>To unsubscribe, e-mail: [EMAIL PROTECTED] > > >>For additional commands, e-mail: [EMAIL PROTECTED] > > >>Archives by mail and > > http://www.mail-archive.com/devinfo%40lists.e-smith.org > > >> > > >> > > > > > > > > > > > > -- > > > Please report bugs to [EMAIL PROTECTED] > > > Please mail [EMAIL PROTECTED] (only) to discuss security issues > > > Support for registered customers and partners to [EMAIL PROTECTED] > > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > > For additional commands, e-mail: [EMAIL PROTECTED] > > > Archives by mail and > > http://www.mail-archive.com/devinfo%40lists.e-smith.org > > > > > > > > > > > > -- > > > > Regards > > Brandon Friedman > > Cell:083 408 7840 > > E-mail: [EMAIL PROTECTED] > > www.bfconsult.co.za > > > > > > -- > > Please report bugs to [EMAIL PROTECTED] > > Please mail [EMAIL PROTECTED] (only) to discuss security issues > > Support for registered customers and partners to [EMAIL PROTECTED] > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > Archives by mail and > http://www.mail-archive.com/devinfo%40lists.e-smith.org > > > > > > > > -- > > Please report bugs to [EMAIL PROTECTED] > > Please mail [EMAIL PROTECTED] (only) to discuss security issues > > Support for registered customers and partners to [EMAIL PROTECTED] > > To unsubscribe, e-mail: [EMAIL PROTECTED] > > For additional commands, e-mail: [EMAIL PROTECTED] > > Archives by mail and > http://www.mail-archive.com/devinfo%40lists.e-smith.org > > > > > -- Please report bugs to [EMAIL PROTECTED] Please mail [EMAIL PROTECTED] (only) to discuss security issues Support for registered customers and partners to [EMAIL PROTECTED] To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] Archives by mail and http://www.mail-archive.com/devinfo%40lists.e-smith.org
