Security issues - cpg1.4 installation in phpBB database - are there any? Security issues - cpg1.4 installation in phpBB database - are there any?
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Security issues - cpg1.4 installation in phpBB database - are there any?

Started by Lady18wheels, December 25, 2005, 05:43:28 AM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Lady18wheels

I love having cpg1.4 installed with my phpBB database, and being able to bridge the applications so that my phpBB members don't have to log in again to get to the Gallery.  This wonderful thread ( http://forum.coppermine-gallery.net/index.php?topic=3655.msg15948;topicseen#msg15948 ) helped me understand more about how the integration works, but I'm still just a little concerned about someone being able to hack my message board through the gallery.

Is it possible for someone to hack/crash my message board through the gallery? 
Interested in trucking in the US?  Try my message board

kegobeer

I would worry more about the security holes in phpBB.  As long as you removed relocate_server.php from Coppermine's root directory (link to sticky), you shouldn't have anything to worry about.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

Quote from: Lady18wheels on December 25, 2005, 05:43:28 AM
Is it possible for someone to hack/crash my message board through the gallery? 
I don't think so: coppermine isn't modifying your bbs (neither files nor db settings) at all, so unless you have security issues in your bbs I couldn't see how coppermine could be used as a backdoor to hack your bbs.

Lady18wheels

Thanks y'all.

Quote from: kegobeer on December 25, 2005, 06:46:28 AM
I would worry more about the security holes in phpBB. ... .
A little off topic here, but what's the most secure message board in your (y'all's) opinion?
Interested in trucking in the US?  Try my message board

Joachim Müller

both phpBB and SMF are good applications - they both have an active community, and security issues get fixed very fast. As phpBB is a very popular app, there are of course a lot of silly script kids who explore the vulnerabilities, and therefor there are a lot of attacks against phpBB based boards. Imo all of the bbs apps are OK to use as long as you visit the boards frequently and apply all security patches immediately. This means of course a lot of maintenance work. It should be obvious what application we prefer - we use SMF here because we consider it to be the best for our purposes.