[joomla] Two Joomla sites on one hosting package?
Leam Hall
leam at reuel.net
Fri Dec 12 06:02:47 EST 2008
On Thu, 2008-12-11 at 13:30 -0500, ozzie sutcliffe wrote:
> and since when have script kiddies been fair lol
Is that a note to the community that security best practices aren't
standardized? Anyone have a script that will go through a Joomla
instance and find vulnerabilities?
Matilda the puppy had a rough time last night so I didn't get much
sleep. Spent a few brain cycles on this and what I hear you saying is
that the regular hosted instance of Joomla is very security vulnerable.
I've already run into instances where PHP writing files to the server
requires overly open permissions. My hosted directory runs under my
username but apache runs under it's own name. While I can accept that my
scripts need security it sounds like there's a larger issue.
Can you elaborate a bit when you have time? I understand your concern
about Extensions showing directory and thus file contents. With no extra
estensions outside of 1.5 base, is the vulnerability still there? I
believe the hosted Apache instance runs php as a module, but they've
done some stuff to PHP and then bother telling us after the fact.
Your note does press on a larger issue; how is security in Joomla
documented and nurtured in the community?
Leam
p.s. Hope this both makes sense and avoids offense. Matilda really did
have a rough night and so did "daddy".
...clunk...
More information about the Joomla
mailing list