Is it possible in any way (don't tell in which way) a user can get a password / delete tables / delete files in a CM gallery? I've received the notice that a suspicious user has been registered... Are there any security holes known in CM 1.3.2?
Thanks!
There are no known security issues with the standalone version of Coppermine.
The recommendations that apply to almost every other app apply to coppermine as well:
- your password should be able to stand dictionary attacks: it mustn't be a name or word from a dictionary (not in reverse order either), it mustn't be a string of chars that are next to each other on the keyboard or form a certain pattern
- your password should be able to stand brute force attacks (alphanumeric with upper and lower case letters, 8 characters long)
- you should change your admin password frequently
What exactly makes you think a dangerous person has registered? Is it just the username he/she has chosen? I wouldn't be afraid of some wannabe hacker script kiddy, calling itself SiNiStEr_HaCkEr or with a similar stupid attitude... ;D
Joachim