On Thu, 14 Mar 2002, Shlomi Fish wrote: > On Thu, 14 Mar 2002, Shachar Shemesh wrote: > > > One disadvantage PHP-nuke has is the ENORMOUS amounts of security > > problems that get discovered in it, on a regular bases. > > > > I remember several Zope vulnerabilities, too.
Zope is basically like PHP for this sense. Squishdot is an application built on top of zope like php-nuke (and others) are built on top of php/mysql . I hope that squishdot's installation instructions don't include a recommendation to 'chmod -R 777' a large portion of the installation tree. This was in php-nuke's insstallation instruction last time I looked, and maybe it is part of a general attitude of "whose gonna try to break into our site? whose gonna guess that we have *this* specific hole? it won't be the end of the world if it gonna take us a couple of monthes to fix it". That is not to say that other weblogs are like that (maybe some of them are...) -- Tzafrir Cohen /"\ mailto:[EMAIL PROTECTED] \ / ASCII Ribbon Campaign Taub 229, 972-4-829-3942, X Against HTML Mail http://www.technion.ac.il/~tzafrir / \ ---------------------------------------------------------------------------- To unsubscribe, send a message to [EMAIL PROTECTED] Archives available at http://www.mail-archive.com/[email protected]/
