On Wed, 08 Mar 2006 21:24:07 -0800, Jonathan Duncan
<[EMAIL PROTECTED]> wrote:
On Wed, 8 Mar 2006, Ross Werner wrote:
What kind of "frightening security breaches" are we talking here, out
of curiousity? I mean, let's say (hypothetically speaking) I was
running a phpBB on remote hosting on a computer I didn't even have
shell access to (I don't even think it's set up to allow PHP to run
commands), and I do nightly backups of the phpBB data. Do I have
anything at all to worry about?
The breaches I was referring to were the ones that other people replying
to this thread were mentioning. I am not quite sure I understand the
scenario you presented. Most web servers are run on "remote" machines,
if by remote you mean that you are not sitting at the actual machine.
Heh, true. Basically by "remote" I meant a computer that I don't own, and
that I don't use for anything else apart from being a web server. (So it's
not going to have, for example, development tools or personal data and so
forth.)
The most recent big security bug can be read about here:
http://news.netcraft.com/archives/2005/12/22/exploit_targets_new_phpbb_security_hole.html
Looks like you have to have HTML enabled for that one. Is that true of
most phpBB exploits?
I hope this helps. Your mileage may vary, of course.
Thanks for the info.
~ Ross
/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
