SQL injection
This is a discussion on SQL injection within the v3.1 Questions & Support forums, part of the v3.1 Legacy Help & Support category; Where does 68Classifieds stand on SQL injection and other security concerns ? (yeah, I know "you're a'gin em")...
|
|||||||
 |
|
|
LinkBack | Thread Tools | Display Modes |
|
#1
07-17-2007, 02:26 PM
|
||||
|
||||
SQL injection
Where does 68Classifieds stand on SQL injection and other security concerns ?
(yeah, I know "you're a'gin em") 
|
|
#2
07-17-2007, 02:39 PM
|
||||
|
||||
We have hired a third party auditing firm which performed an initial audit on v3.1 and we feel pretty confident they found any series issues although I am sure things can change and it is a possibility that certain parts are not secure.
But we try to stay on top of it and if anything security related comes to our attention we try and fix it asap.
__________________
Eric Barnes 68 Classifieds Developer Please do not send me a private message asking for support. Instead use these open forums or our ticket system. Customer Area | Issue Tracker | Documentation | 68C Mods | Submit a Ticket | Twitter
|
|
#3
07-17-2007, 04:29 PM
|
||||
|
||||
|
Good to hear !
Is there a report available which shows the type of issues checked, what tests were run, what validation programs may have been used, etc. It might be nice to have some sort of statement for the FAQ page which describes the level of testing done, just to help people trust that their personal information is or can be protected. Can a user "select" which pieces of information is made available to listing viewers. I know I can change settings in the registration and listing pages but wondered if the person making the listing could be allowed to override the admin settings to limit or expand on which pieces of information they are comfortable showing. Obviously it is good to have as much information as possible collected at registration in order to contact or bill the listers. But each of us have varying levels of comfort with providing our personal information on public sites.
|
|
#4
07-17-2007, 07:48 PM
|
||||
|
||||
|
Quote:
As for the user overriding admin settuings its currently not supported but it would be a nice feature if the ad poster could override current setting for their ads.
__________________
Larry. (Please note: I am not a 68C employee. I am a customer and volunteer who helps with questions where I can and the forums spam free) Set your site apart from the competition with one of my modules...... Google Map Module | You Tube Module | Google Calendar Module 68 Classifieds Important Links Customer Area | Issue Tracker | Knowledge Base | User Manuals
|
|
#6
10-13-2008, 10:09 PM
|
||||
|
||||
|
Yes it was a vulnerability in v4.0.1 and we have been audited since:
68 Classifieds is Secured by GulfTech
__________________
Eric Barnes 68 Classifieds Developer Please do not send me a private message asking for support. Instead use these open forums or our ticket system. Customer Area | Issue Tracker | Documentation | 68C Mods | Submit a Ticket | Twitter
|
|
#7
10-14-2008, 08:54 AM
|
|||
|
|||
|
Quote:
|
|
| Bookmarks |
| Thread Tools | |
| Display Modes | |
Linear Mode
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Error in your SQL syntax; check the manual that corresponds to your MySQL | clairemary | v3.1 Questions & Support | 2 | 05-04-2007 01:03 PM |
| SQL Errors | wynnen | v3.1 Questions & Support | 5 | 04-03-2007 02:25 PM |
| SQL Image Error | djm | v3.1 Questions & Support | 2 | 10-23-2006 07:39 PM |
| Membership, listing packages & SQL error | akm | v3.1 Questions & Support | 6 | 06-26-2006 10:12 AM |
| SQL errors after Paymate transaction | Bucketman | v3.0 Questions & Support | 5 | 06-02-2006 10:35 AM |
All times are GMT -4. The time now is 05:20 PM.
