forum.coppermine-gallery.net

Support => cpg1.3.x Support => Older/other versions => cpg1.3 Permissions & Access Rights => Topic started by: Fréderic on October 10, 2004, 09:25:40 pm

Title: Dangerous users
Post by: Fréderic on October 10, 2004, 09:25:40 pm
Is it possible in any way (don't tell in which way) that a user can get a password / delete tables / delete files in a CM gallery? I've received the notice that a suspicious user has been registered... Are there any security holes known in CM 1.3.2?

Thanks!
Title: Re: Dangerous users
Post by: kegobeer on October 10, 2004, 09:26:27 pm
There are no known security issues with the standalone version of Coppermine.
Title: Re: Dangerous users
Post by: Joachim Müller on October 11, 2004, 06:15:45 am
The recommendations that apply to almost every other app apply to Coppermine as well:
- your password should be able to stand dictionary attacks: it mustn't be a name or word from a dictionary (not in reverse order either), it mustn't be a string of chars that are next to each other on the keyboard or form a certain pattern
- your password should be able to stand brute force attacks (alphanumeric with upper and lower case letters, 8 characters long)
- you should change your admin password frequently

What exactly makes you think a dangerous person has registered? Is it just the username he/she has chosen? I wouldn't be afraid of some wannabe hacker script kiddy, calling itself SiNiStEr_HaCkEr or with a similar stupid attitude... ;D

Joachim
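
The password recommendations in the post above, written as a checker. This is an added example, not part of the original thread and not Coppermine code. The function names, the small word list and the QWERTY key rows are constructed for illustration; "8 characters long" is read as a minimum, and "form a certain pattern" is narrowed to one repeated chunk.

```python
import string

# Constructed sample word list; a real check would load a full dictionary file.
SAMPLE_WORDS = {"password", "coppermine", "gallery", "joachim", "sinister"}
# Keyboard rows (QWERTY layout assumed) used to spot runs of adjacent keys.
KEY_ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def has_keyboard_run(pw, run=4):
    """True if pw contains `run` keys adjacent on one row, in either direction."""
    low = pw.lower()
    for row in KEY_ROWS:
        for seq in (row, row[::-1]):
            for i in range(len(seq) - run + 1):
                if seq[i:i + run] in low:
                    return True
    return False


def has_simple_pattern(pw):
    """True when pw is one chunk repeated ('Ab1Ab1Ab1', 'aaaaaaaa')."""
    n = len(pw)
    for size in range(1, n // 2 + 1):
        if n % size == 0 and pw[:size] * (n // size) == pw:
            return True
    return False


def password_problems(pw, words=SAMPLE_WORDS):
    """Return the recommendations from the post that pw fails (empty = passes)."""
    problems = []
    # Compare letters only, so 'Password1' still matches the word 'password'.
    letters = "".join(c for c in pw.lower() if c.isalpha())
    if letters in words or letters[::-1] in words:
        problems.append("dictionary word or name (forwards or reversed)")
    if has_keyboard_run(pw):
        problems.append("run of adjacent keys")
    if has_simple_pattern(pw):
        problems.append("repeating pattern")
    if len(pw) < 8:
        problems.append("shorter than 8 characters")
    classes = (string.ascii_lowercase, string.ascii_uppercase, string.digits)
    if not all(any(c in cls for c in pw) for cls in classes):
        problems.append("needs upper case, lower case and digits")
    return problems
```
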