Made to Order Software Corporation - security

Fax Now Online

Alexis Wilke — Fri, 30 Sep 2011 17:02:59 +0000

$0.00

Yes! With Fax Now Online, you can send a fax from your browser or your server (using our MO Fax API) to any fax machine in the US. Easy, flexible and cheap, Fax Now Online is your remote facsimile solution.

$0.00

Snap! Website ($19.99/mo, first month is free!)

Alexis Wilke — Sat, 20 Aug 2011 22:40:50 +0000

$0.00

Snap! is the most advanced, business quality Web 2.0 hosting service available. Snap!, powerful Content Management System (CMS), is easy to use and gives you peace of mind.

More and more, web hosting companies offer CMS systems to their customers. The US, French and German governments and many large businesses chose the same CMS as us. It gives you the ability to build a complete website in minutes and gives you full control of your content right from the start.

$0.00

Security Issue in many mail systems

Alexis Wilke — Wed, 06 Jul 2011 20:04:42 +0000

It always amazes me when one finds a security issue that looks like something that should never have happened in the first place.

This one was found earlier this year by Wietse Venema who first discovered the issue in Postfix.

He fixed the Postfix server quickly, however, he went further. He actually tested many other servers sending commands that bypass that very security measure and to his surprised he found out that Postfix wasn't the only system affected by the problem.

For those interested, all the details of the problem can be found on the Postfix website as CVE-2011-411.

Upgrade to PHP 5.3.3 or older because of security issue

Alexis Wilke — Fri, 10 Jun 2011 00:26:19 +0000

If you are responsible for a Debian or Ubuntu server and run PHP on it, make sure to run the following command to fix several security issues found in PHP:

sudo apt-get install php5-suhosin

This will make the necessary and your PHP version (security wise) will look like you have PHP 5.3.3.

What I found quite annoying in regard to this issue is the fact that it was very difficult to find a mention of this upgrade. All I could find in large number were people saying that you'd have to get an upgrade using the source code of PHP. Somehow, I did not feel like upgrading PHP from source!

Protected Node Global Settings

Alexis Wilke — Thu, 28 Apr 2011 00:49:24 +0000

The protected node module has global settings found under:

Administer » Site configuration » Protected node

Protected node Statistics

The page starts with statistics to let you know how pages are protected on your website. All the counts include published and unpublished content.

Total nodes — the total number of nodes on your website
Unprotected nodes — number of nodes that do not have a password
Protected nodes — number of nodes that are current protected by a password
- Showing title — number of nodes showing their title

To Do Tokens

Alexis Wilke — Tue, 26 Apr 2011 10:02:03 +0000

The To Do module supports tokens that can be retrieved using the Token module.

The available tokens will generally appear in the list of tokens as found under a text area.

The raw tokens are no representing any security risk. They simply return the raw value instead of a more human representation of the value. For example, when the priority is "High", the raw value is 2.

Insert Node Parameter: override (6-1.3) [special]

Alexis Wilke — Sat, 26 Feb 2011 21:49:05 +0000

WARNING

This parameter is considered a security hazard. There is an option in your format definition that you have to turn on in order for the feature to work. When not selected, override is ignored. Only allow this feature in an input filter where you can trust users 100%.

One can use the override parameter to replace the expected data with their own data. Although one would think using the data directly would work as well, there are cases when this is useful.

By default the InsertNode module gets data from the $node object as defined by the system. At times, the data available in the

How to bypass Drupal strong security?

Alexis Wilke — Fri, 18 Feb 2011 00:45:31 +0000

Interestingly enough, today I received a Security Advisory from Drupal saying that users received an email from a hacker asking them to install a Trojan module on their Drupal system.

I find it quite interesting since, if Drupal wasn't secure, the hackers would not have to ask you to make it unsecure, would they?

However, this shows how many CMS systems introduce a security issue problem to your web server installation since it is required to let your web server execute any one PHP file...

All the files installed on your web server and that are directly accessible from the outside (i.e. ...

Fax Now Online

Alexis Wilke — Mon, 15 Nov 2010 08:53:28 +0000

$9.99

jsMath Security Issue

Alexis Wilke — Sun, 18 Jul 2010 08:18:28 +0000

Security Issue

A security issue was found in all versions of jsMath before 2.x-dev for Drupal 6.x of Jul 29, 2010.

You may still securely use older versions of jsMath on private websites and websites were you are the only user (as in, the only one who can log in.)

The Drupal Security Advisory issue is here: http://drupal.org/node/854402