Footer +Security
 


Started by noam, August 01, 2004, 12:00:21 PM


noam

Hello,

I was in the process of cleaning up the Coppermine code for a site to try and remove any potential security vulnerabilities and I see that a user is not allowed to remove the "Powered by Coppermine" footer.

"How do I remove/edit the bottom line "Powered by Coppermine" ?
You mustn't remove the line - it's part of the deal: you're allowed to use Coppermine on your site, but the line stays! It's more than justified to give credit where credit is due; be glad you're able to use such a great piece of software for free.
You are allowed to change the way the line looks by editing the CSS class to make it fit into the design of your site; edit /themes/yourtheme/style.css, look for the class "Footer" and change it as you wish. Note: don't ask stupid questions on removing this line in the Coppermine Photo Gallery Support Board - your posting will be deleted!"

I understand the reasoning behind this - after all, the developers deserve credit for producing a nice piece of software. However, whenever vulnerabilities are found in popular message boards and galleries such as Coppermine, using Google it is easy to search for terms such as "Powered by Coppermine" in order to find vulnerable sites which have not applied the security fix yet. (This is a very common method.)

I do think it is important to preserve the credit; however, having a single line like that that is common to all Coppermine sites can and does present a security problem.

One suggestion would be for Coppermine to use an image footer, and the image would say, "Powered by Coppermine"?

Just a suggestion....any other?

Noam Eppel
Web Security Consultant
http://www.noameppel.com

Tarique Sani

Having an image is an option which we can consider; in fact, having a base64 encoded image in a script file would work well.... BUT would it solve the problem or even decrease it? Kiddies will just search with link:coppermine.sf.net

I would however be interested in what clean-up you did in the code?
SANIsoft PHP applications for E Biz