Advanced search  

News:

cpg1.5.48 Security release - upgrade mandatory!
The Coppermine development team is releasing a security update for Coppermine in order to counter a recently discovered vulnerability. It is important that all users who run version cpg1.5.46 or older update to this latest version as soon as possible.
[more]

Pages: [1]   Go Down

Author Topic: Dangerous users  (Read 4790 times)

0 Members and 1 Guest are viewing this topic.

Fréderic

  • Coppermine novice
  • *
  • Offline Offline
  • Posts: 29
Dangerous users
« on: October 10, 2004, 09:25:40 pm »

Is it posible in any way (don't tell in wich way) a user can get a paswoord / delete tables / delete files in a CM gallery? I've received the notica that an suspcious user has been registrated... Are there any security holes known in CM 1.3.2?

Thanks!
Logged

kegobeer

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 4637
  • Beer - it does a body good!
    • The Kazebeer Family Website
Re: Dangerous users
« Reply #1 on: October 10, 2004, 09:26:27 pm »

There are no known security issues with the standalone version of Coppermine.
Logged
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

  • Dev Team member
  • Coppermine addict
  • ****
  • Offline Offline
  • Gender: Male
  • Posts: 47843
  • aka "GauGau"
    • gaugau.de
Re: Dangerous users
« Reply #2 on: October 11, 2004, 06:15:45 am »

The recommendations that apply to almost every other app apply to coppermine as well:
- your password should be able to stand dictionary attacks: it mustn't be a name or word from a dcitionary (not in reverse order either), it mustn't be a string of chars that are next to each other on the keyboard or form a certain pattern
- your password should be able to stand brute force attacks (alphanumeric with upper and lower case letters, 8 characters long)
- you should change your admin password frequently

What exactly makes you think a dangerous person has registered? Is it just the username he/she has chosen? I wouldn't be afraid of some wannabe hacker script kiddy, calling itself SiNiStEr_HaCkEr or with a similar stupid attitude... ;D

Joachim
Logged
Pages: [1]   Go Up
 

Page created in 0.017 seconds with 20 queries.