The only real security issue we ever worried about with witango, is SQL injection, and then just poor coding as it relates to login methodologies where there are "holes", that would occur on any platform. So you should always use BIND or database actions, not custom inserts/updates when user inputted data is going into a query.
Witango had a flaw that was patched, so make sure you are on the latest 5.5. Witango will be secure, because it has so little market share, no one is likely to work to exploit it. Anyway, other than that one buffer overflow security patch, I have not seen or heard of a security flaw that was related to witango, it has always been due to poor coding. -- Robert Garcia President - BigHead Technology VP Application Development - eventpix.com 15520 Coutelenc Rd Magalia, Ca 95954 ph: 530.645.4040 x222 fax: 530.645.4040 [email protected] - [email protected] http://bighead.net/ - http://eventpix.com/ On Dec 3, 2010, at 10:41 AM, Deutschendorf, Steve {Dutch} (MSFC-IS30) wrote: > Folks, > > We've had (Wi)Tango around for a dozen years and I can say it's been worry > free in our environment. The fact that it still functions after various > degrees of support (or not) over those years is a credit to the foundational > work. I can't say that I've seen much discussion on the security implications > of the product along the way, so let me ask... > > What are the security implications in remaining with v5.5 for some of our > legacy applications? Looks like we'll be moving to a different environment > over time (for various support reasons), so I just wanted to appreciate the > risk of hanging with my current version. I realize the product/OS support > will eventually force an upward migration. Are there current issues with > v5.5 that I may be unaware or is it by it’s very nature strictly dependent on > the security gaps in the OS or database? > > > Thanks, > > Steve Deutschendorf/IS30 > NASA/Marshall Space Flight Center > Office of the CIO/Applications Team > Phone: 256-544-2250 > > > To unsubscribe from this list, please send an email to [email protected] > with "unsubscribe witango-talk" in the body. ---------------------------------------- To unsubscribe from this list, please send an email to [email protected] with "unsubscribe witango-talk" in the body.
