| Author |
Message |
spork
Hangin' Around
Joined: May 12, 2005
Posts: 37
|
 Posted:
Tue Oct 04, 2005 12:50 am |
|
hello everyone ..
im here to let you know that i heard some speculation that there is no real secure nuke as well as complient weise too..
well except what steph has made..
im here to inform everyone that the rumor of that is not entirely true..
becase codezwiz has there enchanced version of nuke wich is 7.0 with some killer add ons..
it is not wc3 complient but it is secure and it runs about seven thousand websites known to date and none of them have ever ben defaced..
im not saying this is the best or the brightest but i am saying with that version of nuke as well as sentinel installed it has proven to be flawless..
if i am wrong about this please do let me know so i can tell the ower his admins that they all lied to me
you have all ben informed as a just ta let you know basis thanks for ya time i wont waste anymore of you nuke day  |
| |
|
|
|
jaded
Theme Guru
Joined: Nov 01, 2003
Posts: 1006
|
| Posted:
Tue Oct 04, 2005 5:30 am |
|
|
|
|
technocrat
Life Cycles Becoming CPU Cycles
Joined: Jul 07, 2005
Posts: 511
|
| Posted:
Tue Oct 04, 2005 9:36 am |
|
Unless you have been manually applying the patches to your site, then your site has a HUGE number of holes in it. In fact if you havent, I could probably deface your site in a few seconds with the phpbb holes alone.
Telli's package is nice but far from the most secure, even with Sentinel. Just a quick glance at it shows that its BADLY outdated and has a number of security issues still in it. I actually think someone should tell him to either update it or take it down, I can see a bunch of problems with it. 
Security on your site is an on going process that requires a lot of work and upkeep. Claiming that one version is the most secure is a falsehood. In fact claiming any site is completely secure is a bad assumption. Give a hacker enough time and resources and anything is possible.  |
_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! / Only registered users can see links on this board! Get registered or login! |
|
|
|
|
Raven
Site Admin/Owner
Joined: Aug 27, 2002
Posts: 17088
|
| Posted:
Tue Oct 04, 2005 9:46 am |
|
| spork wrote: | | im here to inform everyone that the rumor of that is not entirely true.. |
A truth is not a truth unless it is all the truth. There is not a nuke nor derivative, that is fully safe. In most cases we may be able to say we're safe for now. As Techno says, if you haven't applied 100% of Chat's patches, as well as NukeSentinel or a comparable alternative, you are an easy target. |
| |
|
|
|
|
djmaze
Subject Matter Expert
Joined: May 15, 2004
Posts: 727
Location: http://tinyurl.com/5z8dmv
|
| Posted:
Tue Oct 04, 2005 10:04 am |
|
| The Matrix wrote: | "Do not try and bend the spoon. That's impossible. Instead ... only try to realize the truth."
"What truth?"
"There is no spoon."
"There is no spoon?"
"Then you'll see that it is not the spoon that bends, it is only yourself." |
Code:echo str_replace('spoon', 'security', $quote);
|
|
Last edited by djmaze on Tue Oct 04, 2005 10:09 am; edited 1 time in total |
|
|
|
|
Raven
|
| Posted:
Tue Oct 04, 2005 10:08 am |
|
|
|
|
|
spork
|
| Posted:
Tue Oct 04, 2005 2:46 pm |
|
well sence i have re read what i wrote
i seemd rude and i wanted everyone to know that i was not trying to be that way ..
and secondly i wanted to thank tech and raven and everyone for showing me the light..
meening i appreceate ya feed back and ill be mailing telli about this thanks |
| |
|
|
|
|
akamu
New Member
Joined: Jun 22, 2004
Posts: 6
|
| Posted:
Tue Oct 04, 2005 3:19 pm |
|
| spork wrote: | no real secure nuke as well as complient weise too..
well except what steph has made.. |
And what did steph make? |
| |
|
|
|
|
spork
|
| Posted:
Tue Oct 04, 2005 3:37 pm |
|
steph has made the only wc3 complient nuke including everything basicly..but then again we never know until we all get ta see the source code..
wich is going to cost us 250$ if i understand right
check it out
http://64bit.us/ |
| |
|
|
|
|
spork
|
| Posted:
Tue Oct 04, 2005 3:38 pm |
|
also i will make note on here to ya that, it probably wont be long until tech makes nuke evo that way as well so ... |
| |
|
|
|
|
64bitguy
The Mouse Is Extension Of Arm
Joined: Mar 06, 2004
Posts: 1164
|
| Posted:
Tue Oct 04, 2005 4:00 pm |
|
Whoa whoa whoa... You understand wrong.
Where on my site or anywhere else does it say my code is going to cost $250?
And if someone is saying that, when am I going to be collecting that? I mean wow... I'm waiting with open arms.. lol
As for Nuke being secure... I don't know of any version of Nuke that is 100% secure, mine included. The core design flaws of Nuke make such an assessment ... how should I say it?... um... unrealistic. With patching and security add-ons, your domain can be assessed as "reasonably secure" which I think is about the best you could say I guess. Other solutions have better default code, but they aren't called Nuke.
Finally, as for Telli's code, I won't knock it as frankly I haven't looked at it in quite a while (I've had my hand more than full), but I would tend to question that statistic that 7,000 domains are using it, given the datestamp of the download. Oh, and just because a large number of people have downloaded it, it doesn't mean that this number reflects how many people are using it. I myself have downloaded a lot of "packages" just to look at code in one part of it. Sometimes (because I have deleted the "package") I have been known to D/L that software more than once. I myself have looked at that package twice for two different things, so there's two examples of d/l's that aren't in use.
Just a heads-up.
Steph |
_________________
Steph Benoit
100% Section 508 and W3C HTML5 and CSS Compliant (Truly) Code, because I love compliance. |
|
|
|
|
spork
|
| Posted:
Tue Oct 04, 2005 4:51 pm |
|
actualy steph its really clear on your site is says this
'Premium' Commercial Client Subscription With Evaluation Subscription: $250.00
Entitles access to restricted Commercial Client Links, All Downloads, All Technical Support & Commercial Client Restricted Forums, News, Reviews, Surveys, and other Commercial Client Only Content.
Note: This entitles you to the 15-Point Domain Evaluation!
Commercial Clients Will Be Provided With Free Access To 'After-Patched' Solutions!
that is what leads me and oh about ten other people i know that this is going to cost us 250$ for the updates and patches for nuke..
please note that this doent not count the single nuke charge this is just so u can download all the updates for it if there are even any
so in a sence i was wrong about saying oh its gunna cost ya 250
for nuke but its going to cost u to update it that is if im not wrong again wich in the last week i ben arong aloat
meening steph might release the patches for it for free sence ya bought
also note that i dont know if steph is going to make it so u can buy this software wihtout having a subscription either..
this is just waht i gatherd from what i read
also if ya read through it on the site basicly this is the only subscription wich u can buy it look for your self if anyone has questions..
http://64bit.us/subscriptions-pricing.html
i personaly dont see where it says in any other subscription u can have it with it..
becase it blatently says u cannot have it with the 25$ general downloads subscription
'After-Patched' Access Is NOT included with this level of subscription!
it also says that u cannot have it with a 40 $ subscription
'After-Patched' Access Is NOT included with this level of subscription!
and for 125$ subscription it dosnet say ya cant have it but it dosent say u can have the updates either
and the only package that reads this is the 250$
Commercial Clients Will Be Provided With Free Access To 'After-Patched' Solutions!
wich in conclusion my tens friends and i all understand that this would cost at least 250$
care to share your comments steph? |
| |
|
|
|
|
64bitguy
|
| Posted:
Tue Oct 04, 2005 5:20 pm |
|
My comments have been shared in a variety of places on my domains, but I will clarify regardless.
It has been stated repeatedly that my commercial clients have access to all of my solutions at no charge, without restrictrictions. Commercial Clients are not paying for after-patched, they are paying for other services including my work doing domain evaluations. That is a seperate issue altogether and is part of what I do in helping people setup/evolve websites.
The reason why SOME of the other level of memberships state that they do NOT include After-Patched is because at this point I am not distributing the solution. I can't offer a subscription level like "Downloads Only" and then have people expect "after-patched" to be included, when it is not and won't be for those that are looking for things like "Syndicated News" and other custom modules.
To not clarify that in advance would be unethical which is why I state in bold letters that certain levels of subscription do not include the after-patched code.
Additionally there are other articles that state outright that I have not decided on how this solution will be distributed. If it will become a fork, or simply revised baseline Nuke Code. This also has much to do with why no determination in this regard has been made. I also have a survey on this issue on my homepage, and address this in a few forum posts including, "When will "after-patched", 100% modules be ready?"
See: http://64bit.us/ftopict-172.html#587 |
| |
|
|
|
|
technocrat
|
| Posted:
Tue Oct 04, 2005 5:59 pm |
|
Evo is already largely 4.01 transitional. Jelle (who is doing the work) is now on to strict. But as 64bit can atest to its hard work and takes many hours to fix everything.
I have discussed this with Steph before and once he has released his afterpatch I will discuss including it in to our package as well. |
| |
|
|
|
|
spork
|
| Posted:
Tue Oct 04, 2005 6:15 pm |
|
thats wonderful news tech thanks... |
| |
|
|
|
|
telli
New Member
Joined: Sep 24, 2003
Posts: 21
|
| Posted:
Thu Oct 06, 2005 6:15 am |
|
| Quote: |
Spork from Codezwiz
is this version of nuke up to date with security patches that have ben applied by nukescripts?
i plan to download this for a commercial site..
it is emparative that the cms i run be stable secure weise do to the fact i cannot have my
site defaced and my clients information distrubited..
so please tell me codezwiz this nuke is the answer too all my problems..
and if its not please lead me in the right direction thank you for your time..
|
Just in case you missed my answer Spork...
| Quote: |
This version is not up to date on fixes. If your a good coder you should be able to use the patch files. I do not believe there is a full patched version out there. You have to apply those patches after you install the php nuke.
|
|
_________________
http://codezwiz.com/ |
|
|
|
|
djmaze
|
| Posted:
Thu Oct 06, 2005 3:58 pm |
|
| technocrat wrote: | | Evo is already largely 4.01 transitional. Jelle (who is doing the work) is now on to strict. But as 64bit can atest to its hard work and takes many hours to fix everything. |
Hmm i wish you all goodluck to get it all fixed. There are still 388 errors on the index page alone already that still need to be fixed is a lot of work.
http://validator.w3.org/check?verbose=1&uri=http%3A//nuke-evolution.com/ |
| |
|
|
|
|
technocrat
|
| Posted:
Thu Oct 06, 2005 5:36 pm |
|
|
|
|
|
64bitguy
|
| Posted:
Thu Oct 06, 2005 11:34 pm |
|
I like evolution, but my one problem with it is the lack of compliance. I haven't seen any compliant modules and I would only comment that I think adding the mods (most of which I really like) before having a compliant baseline complicates your job significantly.
This is why I'm starting from the ground up in making the baseline compliant and fixed first, so as mods are added I (or anyone else) can easily see if there are any issues with that mod.
I couldn't imagine having to update that puppy once all of the mods are done given that the theme issues alone will complicate your life.
For my part, After-Patched for 7.8 looks like it is now finished. I've got a security challenge out there right now. Personally, I think this would make a great baseline for Evolution (for you to load up all of your mods on).
I believe I have worked out all of the 7.8 Security issues as well, but we'll just have to wait and see. I invite everyone to try every known exploit against it (I've disabled NukeSentinel from blocking people, it just records events on the 78 test domain and will give you the appropriate splash screen when events are blocked, but you won't be locked out).
Try it out and see not only how nice cross-browser compliance and W3C Compliance looks, but also notice how fast everything is!
After-Patched 7.8.3.1.1 Test Domain http://78.64bit.us |
| |
|
|
|
|
spork
|
| Posted:
Fri Oct 07, 2005 12:36 am |
|
yes telli i have recieved your message thankyou for your time as well i know how busy of a guy u can be at time so thanks again |
| |
|
|
|
|
technocrat
|
| Posted:
Fri Oct 07, 2005 9:22 am |
|
Well we have Basic almost in the bag.
But we want to start on advanced and if you are offering up your version as a baseline we can probably use that as a starting point for advanced and move forward. When we can begin to implement it back into Basic.
I am going to stop Hijacking this poor thread and post on your site so we can discuss this futher. |
| |
|
|
|
|
|
|
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
