Account Options

  1. Sign in
The old Google Groups will be going away soon.
Switch to the new Google Groups.
Google Groups Home
« Groups Home
Gelato CMS
Home
+ new post
About this group
Join this group
Security hole
Options
There are currently too many topics in this group that display first. To make this topic appear first, remove this option from another topic.
There was an error processing your request. Please try again.
flag
   7 messages - Collapse all  -  Translate all to Translated (View all originals)
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
 
From:
To:
Cc:
Followup To:
Add Cc | Add Followup-to | Edit Subject
Subject:
Validation:
For verification purposes please type the characters you see in the picture below or the numbers you hear by clicking the accessibility icon. Listen and type the numbers you hear
 
Francesco Terenzani  
View profile  
 More options Sep 4 2007, 6:26 am
From: "Francesco Terenzani" <f.terenz...@gmail.com>
Date: Tue, 4 Sep 2007 12:26:50 +0200
Local: Tues, Sep 4 2007 6:26 am
Subject: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
Hi all,
Nice project!
But actually everyone can create an (administrator) account just
running the install.php file and sending the form :P

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
drs.P.  
View profile  
 More options Sep 4 2007, 9:14 am
From: "drs.P." <spaces...@gmail.com>
Date: Tue, 04 Sep 2007 13:14:25 -0000
Local: Tues, Sep 4 2007 9:14 am
Subject: Re: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
Well it's rather normal to remove this file afrer installing I think,
but not harmfull by mentioning it in the readme.txt

On Sep 4, 12:26 pm, "Francesco Terenzani" <f.terenz...@gmail.com>
wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Francesco Terenzani  
View profile  
 More options Sep 4 2007, 9:54 am
From: "Francesco Terenzani" <f.terenz...@gmail.com>
Date: Tue, 4 Sep 2007 15:54:42 +0200
Local: Tues, Sep 4 2007 9:54 am
Subject: Re: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
> Well it's rather normal to remove this file afrer installing I think,

2007/9/4, drs.P. <spaces...@gmail.com>:

> Well it's rather normal to remove this file afrer installing I think,

mmm... I think is not rather normal for users :-)

> but not harmfull by mentioning it in the readme.txt

I think would be helpful ;-)

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Victor Bracco  
View profile  
 More options Sep 4 2007, 10:05 am
From: "Victor Bracco" <vbra...@gmail.com>
Date: Tue, 4 Sep 2007 16:05:43 +0200
Local: Tues, Sep 4 2007 10:05 am
Subject: Re: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
For example, somebody could create an account administrator in your
computer if you left placed the CD of Windows...

In the next release may have a better control of that.

Regards,

2007/9/4, Francesco Terenzani <f.terenz...@gmail.com>:

> > Well it's rather normal to remove this file afrer installing I think,
> 2007/9/4, drs.P. <spaces...@gmail.com>:

> > Well it's rather normal to remove this file afrer installing I think,

> mmm... I think is not rather normal for users :-)

> > but not harmfull by mentioning it in the readme.txt

> I think would be helpful ;-)

--
Victor Bracco
http://www.vbracco.com.ar

 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Francesco Terenzani  
View profile  
 More options Sep 4 2007, 10:58 am
From: "Francesco Terenzani" <f.terenz...@gmail.com>
Date: Tue, 4 Sep 2007 16:58:03 +0200
Local: Tues, Sep 4 2007 10:58 am
Subject: Re: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
He-he, fanny response, Victor :D

Sorry, I don't speak English very well, I hope to be understandable...

1) Running the install.php you don't reinstall the tumblelog, but you
can create a new account
2) Taking a look to Gelato's users
(http://www.google.it/search?q=%22powered+by+gelato+cms%22), to delete
the install.php doesn't seems so "rather normal"
3) Delete that file isn't rather normal also because much of the
Gelato's user are also Wordpress user, and think the follow code on
Wordpress install.php is useful just for this purpose (don't delete
any):

if ( is_blog_installed() ) die('<h1>'.__('Already
Installed').'</h1><p>'.__('You appear to have already installed
WordPress. To reinstall please clear your old database tables
first.').'</p></body></html>');

2007/9/4, Victor Bracco <vbra...@gmail.com>:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
pecesama  
View profile  
 More options Sep 4 2007, 11:35 am
From: pecesama <peces...@gmail.com>
Date: Tue, 04 Sep 2007 15:35:16 -0000
Local: Tues, Sep 4 2007 11:35 am
Subject: Re: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
Jeje, yeah we need to improve the security of the install.php

Now is on the list for the next release :)

On Sep 4, 9:58 am, "Francesco Terenzani" <f.terenz...@gmail.com>
wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
drs.P.  
View profile  
 More options Sep 4 2007, 1:04 pm
From: "drs.P." <spaces...@gmail.com>
Date: Tue, 04 Sep 2007 17:04:48 -0000
Local: Tues, Sep 4 2007 1:04 pm
Subject: Re: Security hole
Print | Individual message | Show original | Report this message | Find messages by this author
Off-topic discussion:
Well you might be right but a search on admind.php andso-on wil give
also many
hits I always wondered why so many online tools use these terms also
the login.php .

As a matter of fact it isn''t  security issue in gelato more caution
should be used with cofnfig.php's they contain often
unscrambled information.

On Sep 4, 4:58 pm, "Francesco Terenzani" <f.terenz...@gmail.com>
wrote:


 
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
End of messages
« Back to Discussions « Newer topic     Older topic »

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2012 Google