Topic: Dangerous users (Read 5131 times)

Fréderic · « **on:** October 10, 2004, 09:25:40 pm »

Is it posible in any way (don't tell in wich way) a user can get a paswoord / delete tables / delete files in a CM gallery? I've received the notica that an suspcious user has been registrated... Are there any security holes known in CM 1.3.2?

Thanks!

kegobeer · « **Reply #1 on:** October 10, 2004, 09:26:27 pm »

There are no known security issues with the standalone version of Coppermine.

Joachim Müller · « **Reply #2 on:** October 11, 2004, 06:15:45 am »

The recommendations that apply to almost every other app apply to coppermine as well:
- your password should be able to stand dictionary attacks: it mustn't be a name or word from a dcitionary (not in reverse order either), it mustn't be a string of chars that are next to each other on the keyboard or form a certain pattern
- your password should be able to stand brute force attacks (alphanumeric with upper and lower case letters, 8 characters long)
- you should change your admin password frequently

What exactly makes you think a dangerous person has registered? Is it just the username he/she has chosen? I wouldn't be afraid of some wannabe hacker script kiddy, calling itself SiNiStEr_HaCkEr or with a similar stupid attitude...

Joachim

News:

Author Topic: Dangerous users (Read 5131 times)

Fréderic

Dangerous users

kegobeer

Re: Dangerous users

Joachim Müller

Re: Dangerous users