If we have a third party module what do we need to add

Client Joined: Jul 18, 2003 Posts: 977

to it to make it secure? I thought I read somewhere that a line of code at the beginning will bring it up to speed. Am I hallucinating?

registered · Site Admin Joined: Jun 04, 2004 Posts: 6437

Well, I wouldn't call it hallucinating... Dreaming, may be a better term.

If you want to prevent someone from directly accessing the third party module without going through the /modules.php?name=3rdPartyModule path and to use Nuke's ability to control access to modules by admin, member, etc., then an if statement at the beginning will do the trick.

But, secure means different things. If you want to leverage NukeSentinel to prevent XSS, SQL injection, etc., calls to the database must go through standard Nuke database functions, accessed through the mainfile. This is usually NOT a trivial task.

There are a host of other considerations for porting 3rd party applications, but this highlights some of the issues around security.

Posted: Tue Dec 06, 2005 11:51 am

ah okay Can you please post the if code?

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

Just copy the IF code from any standard nuke module at your site Smile

Posted: Tue Dec 06, 2005 12:54 pm

okee dokee
forest... trees
forest... trees

Posted: Tue Dec 06, 2005 3:46 pm

Worker Joined: Feb 18, 2006 Posts: 155 Location: Virginia

I just added an Iframe script to a center block on my homepage that allows users to view teamspeak server status via an offsite (TS Viewer) service. I just used the add block in the admin area and pastes the script there.

It allows users, including anonymous users to login to their teamspeak and join a channel.

My question is could this pose a security risk that I may need to address?

I have RN 2.02.02 with NS 2.5.05

Here is the homepage to see what I am talking about.

http://www.saints-n-sinners.com