News Feed
Sections




News Archive
feed this:

Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Docs.Joomla.org:
Vulnerable Extensions List
January 07, 2010 @ 13:54:24

Joomla users may or may not know about this list of extensions on the Joomla Docs that have been marked as vulnerable to various kinds of attack. Before you install an extension, you might want to check the list to ensure you're not exposing your site to a malicious attacker.

Please check with the extension publisher in case of any questions over the security of their product. Report Vulnerable extensions either in the jforum:432 security topic or the extensions topic clearly marked with the first word in the title being Vulnerable where the security moderators or JSST team will respond. This list is change protected, for updates or editing requests Mandville or lafrance.

Each of the issues includes the extension name, a summary of what the issue is, when the vulnerability was published, a possible severity level and a link to more information about the problem. Some extensions listed also include a link to an updated version that corrects the issue.

4 comments voice your opinion now!
joomla vulnerable extension


Ken Guests' Blog:
Is PHP vulnerable software?
August 27, 2008 @ 10:28:40

In response to some of the claims made by CNet about the security of PHP, Ken Guest has made a few comments on his blog hoping to correct a few wrongs.

What are featuring in IBM's top ten of vulnerable that makes the report insinuate that the PHP language is a security risk are Jooma, Wordpress and Drupal. How PHP would feature in a list of "vendors" is beside the point.

He illustrates with an allegory that it's not the tool's fault if it's used improperly. Pointing out software like WordPress and Drupal is not the same as pointing out issues with the language that powers them (no matter how trendy it is). The burden is on the developers to use the power the language offers to create more secure, flexible, stable applications. Does PHP have its share of problems? Sure, but get it right next time CNet - don't blame the tool if the builder's not up to spec.

0 comments voice your opinion now!
vulnerable software ibm cnet article wordpress drupal


Ivo Jansch's Blog:
Apple, Microsoft and PHP are vulnerable
August 26, 2008 @ 08:47:28

Ivo Jansch mentions an interesting comparison that CNet made on security and levels of vulnerability in a new blog post today. Their article mentions PHP right along side Apple and Microsoft in their list of "most vulnerable software".

This article once again demonstrates the cluelessness that some people have regarding what PHP is. First of all, PHP is not a vendor, so "Apple, Microsoft & PHP" does not make much sense. Furthermore, the only reason PHP even is mentioned in this context is that Joomla, Drupal and Wordpress appear in the list. So PHP, a programming language, gets blamed for the security flaws that are in these packages.

By their logic (applications written in a language on the list means the language is more insecure), they should have marked C as a more insecure language given the ratio of PHP to C software.

0 comments voice your opinion now!
apple microsoft vulnerable wordpress drupal joomla invalid conclusion



Community Events





Don't see your event here?
Let us know!


list library opinion podcast bugfix release api community laravel install symfony series framework introduction deployment tips language interview voicesoftheelephpant package

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework