Dangerous users Dangerous users
 

News:

CPG Release 1.6.26
Correct PHP8.2 issues with user and language managers.
Additional fixes for PHP 8.2
Correct PHP8 error with SMF 2.0 bridge.
Correct IPTC supplimental category parsing.
Download and info HERE

Main Menu

Dangerous users

Started by Fréderic, October 10, 2004, 09:25:40 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Fréderic

Is it posible in any way (don't tell in wich way) a user can get a paswoord / delete tables / delete files in a CM gallery? I've received the notica that an suspcious user has been registrated... Are there any security holes known in CM 1.3.2?

Thanks!

kegobeer

There are no known security issues with the standalone version of Coppermine.
Do not send me a private message unless I ask for one.  Make your post public so everyone can benefit.

There are no stupid questions
But there are a LOT of inquisitive idiots

Joachim Müller

The recommendations that apply to almost every other app apply to coppermine as well:
- your password should be able to stand dictionary attacks: it mustn't be a name or word from a dcitionary (not in reverse order either), it mustn't be a string of chars that are next to each other on the keyboard or form a certain pattern
- your password should be able to stand brute force attacks (alphanumeric with upper and lower case letters, 8 characters long)
- you should change your admin password frequently

What exactly makes you think a dangerous person has registered? Is it just the username he/she has chosen? I wouldn't be afraid of some wannabe hacker script kiddy, calling itself SiNiStEr_HaCkEr or with a similar stupid attitude... ;D

Joachim