Ravens PHP Scripts: Forums
 

 

sharlein
Posted: Thu Oct 16, 2003 7:05 am

Yesterday I saw a package on Nuke Cops that contained all of the recent fixes. It contained 35 files that were fixed. I have only been aware of the two I was working on, i.e., admin and auth php. Should I upload all of those files? Thank you from my little world of confusion :D Steve

P.S. I hope you enjoyed your way too short time off.

_________________
Give Me Ambiguity Or Give Me Something Else! 

Raven
Posted: Thu Oct 16, 2003 7:10 am

If you read the news thread on the front page of NC, the fix package is creating many problems. I would stay away from it until it settles. Many of the changes in those packages are precautionary as opposed to the absolute ones that have been made public. Mileage may vary and precaution these days may be worthwhile, but wait until they get the bugs worked out. Just my opinion!


Last edited by Raven on Thu Oct 16, 2003 7:20 am; edited 1 time in total 

sharlein
Posted: Thu Oct 16, 2003 7:18 am

Thank you, Raven. You know I value your opinion :D I will hold off, and I will go read that thread. Keep up the good work. Speaking of good work, I may be needing another account on your Web Hosting. I will submit through the Web Hosting when I'm sure of what I need. Steve
 
Frogger
Posted: Wed Nov 05, 2003 11:02 pm

During the time we wait for NC to update these fixes, what concerns should we have on these "possible" SQL injection vulnerabilities?

Raven
Posted: Wed Nov 05, 2003 11:10 pm

If you've installed the ones from my site, thus far, you are pretty safe, assuming you have kept up with the prior ones too. I haven't heard of any exploits after the last ones posted here. The other things that NC is adding are somewhat overkill, but, maybe better safe than sorry. They may also have some inside information that I do not. I am rather perplexed that they put those out buggy and didn't say anything to the contrary until the negative feedback started. Then they got somewhat defensive. Kind of reminds me of FB. Then to go this long w/o fixing them is really strange too.


Last edited by Raven on Thu Nov 06, 2003 6:34 am; edited 1 time in total 

Anubis_The_Jackal
Posted: Thu Nov 06, 2003 2:49 am

Perhaps the world's coming to an end. Or the marriage thing is taking up a load of time?
 
Frogger
Posted: Thu Nov 06, 2003 9:18 pm

It's all about priorities, I guess. ;)

I have two sites that are your 6.9 and two test sites that are 7.0 with no security fixes in place, with the exception of the Downloads and Weblinks modules.

I have copies of security patches where most have file dates of 10-15 or earlier for both 6.9 and 7.0.

Is it critical or important that these fixes be applied?

I ask only 'cause I'm tired of blindly following advice when the details are left to assumption. :?

Must be right about the marriage.... ;)
 
Raven
Posted: Thu Nov 06, 2003 9:26 pm

Depending on when you installed the 6.9 from here, they may already be applied. If they are, I will have noted it in the raven change log. You should make sure that you have all the fixes in place that I have offered on my site. You and I tested your site the other day and fixed the leaks that it had. You should be ok. If you have more fixes that aren't applied, let me know which ones and we can check them out.
 
Frogger
Posted: Thu Nov 06, 2003 10:09 pm

I figured you would have mentioned other fixes if they were necessary, but if you'd like I'll check them out and see if there are any changes so you can check 'em out.
 
Anubis_The_Jackal
Posted: Fri Nov 07, 2003 3:29 am

Would you help me check my site for problems after I upgrade it? It's at Nuke 6.9 but I'm still getting the Coppermine 1.2 to work. Seems to be rather buggy for an RC 2, you know?
 
Raven
Posted: Fri Nov 07, 2003 4:58 am

What I meant to Frogger was that he checks his own code to see if the patches are installed. If he finds patches that are NOT installed, then let me know which ones and I will check to see if it is a nice-to-have or really a must.
 
Frogger
Posted: Fri Nov 07, 2003 6:53 am

If I were you, I'd hold off upgrading to 1.2.0 as it brought an entire test site of mine to its knees.

Bug is an understatement when it comes to the new release candidate.

If you use it on a production site, I hope you have a complete backup of everything... you're gonna need it.

With this being a new release from authors who took over the project... well... credit must be given to them, but W A I T for a more stable release.
 
All times are GMT - 6 Hours
 