
Question regarding security of CPG

Started by net, October 17, 2008, 12:29:58 PM


net

Hello,

I know this is placed in the wrong section, but for some reason I could not make a new thread in the General discussions forum. Maybe someone messed up all the permissions for the forum?

Anyway...

I would like to know where most of the security flaws that have been found in CPG previously have been? Are they related to user upload access? So if no one besides the admin has access to upload, there's extremely low risk of SQL injection in CPG?

Joachim Müller

Quote from: net on October 17, 2008, 12:29:58 PM
I know this is placed in the wrong section, but for some reason I could not make a new thread in the General discussions forum. Maybe someone messed up all the permissions for the forum?
You're not allowed to start new threads on the General discussions forum, so there is no error in permissions - this is on purpose.

Quote from: net on October 17, 2008, 12:29:58 PM
I would like to know where most of the security flaws that have been found in CPG previously have been?
Use your favorite diff viewer to figure it out. Will take some hours though - that's why you have to do this on your own; supporters won't do that for you.

Quote from: net on October 17, 2008, 12:29:58 PM
Are they related to user upload access?
No

Quote from: net on October 17, 2008, 12:29:58 PM
So if no one besides the admin has access to upload, there's extremely low risk of SQL injection in CPG?
No, that's wrong. In fact, it's utter nonsense. Disallowing uploads by others doesn't keep you safe from exploits/attacks against older versions. You have to update no matter what.