Exdata mit aktuellem Release

Post custom hacks and enhancements for phpwcms here only. Maybe some of these things will be included in official release later.
Post Reply
User avatar
molowan
Posts: 34
Joined: Mon 25. Oct 2004, 15:18
Location: Nürnberg - Lauf - Röthenbach

Exdata mit aktuellem Release

Post by molowan »

Hallo,
waere super, wenn mir jemand eine Info geben kann,
ob man exdata mit der aktuellen phpwcms version verwenden kann.

Oder kann jemand einen kleinen Ueberblick geben, welche Module
derzeit gepflegt werden und problemlos mit der aktuellen Version laufen.

Die zweite Frage waere, wo ich den Download von exdata her bekomme?
Die Zugangsdaten aus dem Forum fuer die web.casa.loca seite
sind anscheinend nicht mehr aktuell.

Viele Dank und beste Gruesse :)

Danke fuer eine kurze Info.
breitsch
Posts: 473
Joined: Sun 6. Mar 2005, 23:12
Location: bern switzerland

Re: Exdata mit aktuellem Release

Post by breitsch »

ExData should NOT be used in live systems anymore!
There are several severe security problems.
Download of the module is locked.

A future update may solve these problems. Target date = end of 2009
http://www.youtube.com/watch?v=jqxENMKaeCU
because it's important!
breitsch
User avatar
Fulvio Romanin
Posts: 394
Joined: Thu 4. Dec 2003, 11:12
Location: Udine, Italy
Contact:

Re: Exdata mit aktuellem Release

Post by Fulvio Romanin »

hey breitsch,
being one of those that spotted the security hole, i would though request a quicker solution: i have several live sites that use exdata, and i can't tell them "your site will be down / without stuff until (maybe) the end of 2009". I would be sued, probably.

Please - imagining you don't have the time to rewrite everything, give me / us a hint to work out the problem on our own...

Thanks
F
Completeness is reached through subtraction, not through addition
User avatar
Oliver Georgi
Site Admin
Posts: 9888
Joined: Fri 3. Oct 2003, 22:22
Contact:

Re: Exdata mit aktuellem Release

Post by Oliver Georgi »

All input data (POST/GET) has to be checked and secured. The most important first - check all Queries and escape all custom vars used to build a query by using (sample):

Code: Select all

$query = "SELECT * FROM table WHERE field='" . aporeplace($_GET['param']) . "'";
Oliver Georgi | phpwcms Developer | GitHub | LinkedIn | Систрон
Post Reply