Security Question

Started by digitalteck, May 08, 2008, 12:08:31 AM


digitalteck

I am not sure if this is being posted in the right area. I just installed the latest download. I am making a member gallery for a few friends to post their pictures and videos. I just saw on a Google search where people were able to hack in on Myspace, Facebook, etc. using programs and changing source code, and view private photos by the user ID number. I set my gallery up so that only registered members can view other galleries if they are given the user's photo page and pass, if they have one. Guests cannot view anything other than the welcome screen and the option to register. All tags and search bars are removed, so members cannot be found, even by registered members. For example, if I give my friend the link and pass to my gallery and he is a registered user, what are the chances that he can pass it to someone who knows how to hack, and they register and make a program to view all the users and the galleries, or someone trying to see someone's private photos? Is Coppermine safer than Myspace, and what updates do I have to keep up with so hackers cannot find hidden users and galleries?

Joachim Müller

Hackers don't need the frontend (the menu items), so your effort to remove frontend items won't help. For a successful hack, the hacker (at least the person who initially creates the hack) needs an in-depth understanding of how the app he's about to hack works. If the hacker decides to publish his hack, script kids might join the bandwagon and perform the exploit even if they don't understand what they're doing.
This is not only the case for Coppermine or the other apps you mentioned. There is no absolute security, but your concept of "security by obscurity" is just nonsense. Hackers as well as script kids prove this on a daily basis. What you can do is keep your apps up-to-date and perform backups frequently. This will make hacks less likely, yet they still happen, as all non-trivial code contains bugs that potentially can be exploited. Keeping your app up-to-date will not prevent zero-day exploits, but it will make it less likely to get hacked by script kids.
Just google for any app you could think of: you will find reports of hacks no matter what app you pick. Among the results of your search, you will find genuine hack reports, but just as well invalid reports (where the legitimate owner has done something silly like choosing trivial passwords, or the person reporting the "hack" is actually confusing a malfunction with a hack). It's your choice basically. As a rule of thumb, pick an app with an active community of developers, where bugs get fixed fast.

digitalteck

Thanks for the info. I just want to make sure that I cover myself so someone's pictures don't end up on YouTube and then I look bad for not keeping up with security. I am still new to the gallery and forum installs, so any help or suggestions on where to check and keep up with the security and updates would be helpful.