Author |
Message |
erisds
New Member


Joined: Sep 07, 2005
Posts: 11
|
Posted:
Thu Mar 15, 2007 7:23 am |
|
I'm assuming you guys have vetted and deemed the WYSIWYG editor to be secure now?
Just want to be absolutely sure before I start to use it as I am just recovering from a MAJOR hack whilst using 2.02.02 (although with gallery and vwar etc on the site who knows which bit was the cause). |
|
|
|
 |
FireATST
RavenNuke(tm) Development Team

Joined: Jun 12, 2004
Posts: 654
Location: Ohio
|
Posted:
Thu Mar 15, 2007 7:27 am |
|
I would guess vwar myself. Have been using gallery 2 for a while with no problems. |
|
|
 |
 |
montego
Site Admin

Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
|
Posted:
Thu Mar 15, 2007 7:28 am |
|
erisds, to be quite honest, I would place my money on vwar. There are no known issues with nukeWYSIWYG, so I would not assume blame there. However, vwar is a different story from what I have seen in these forums. |
|
|
 |
erisds

|
Posted:
Thu Mar 15, 2007 7:30 am |
|
Not being funny, but that's not what my post is asking. I am aware of the vulnerabilities in vWar. I only mentioned the hack to make it clear why it was important to me that the WYSIWYG editor is secure.
I have not been using the WYSIWYG editor but would like to enable it... given that it is now deemed secure, from what you have said montego, I take that to be true.. which is good  |
|
|
|
 |
jakec
Site Admin

Joined: Feb 06, 2006
Posts: 3048
Location: United Kingdom
|
Posted:
Thu Mar 15, 2007 7:30 am |
|
The WYSIWYG editor is not the standard insecure editor that is part of the standard nuke and I'm not aware that there were any issues with the version released with 2.02.02. It is likely that the hack would have been through vwar.
The WYSIWYG editor would not have been included in the package if there were concerns over the security, so I think you are safe to activate it.
I'm sure Kguske will want to comment when he is online, as he worked on the integration into RN. |
|
|
|
 |
jakec

|
Posted:
Thu Mar 15, 2007 7:32 am |
|
lol, how's that for service? |
|
|
|
 |
erisds

|
Posted:
Thu Mar 15, 2007 7:32 am |
|
pretty d***ed good I'd say! |
|
|
|
 |
kguske
Site Admin

Joined: Jun 04, 2004
Posts: 6437
|
Posted:
Thu Mar 15, 2007 8:38 pm |
|
Not aware of any problems or issues with the editor, though it can be configured to allow problems (i.e. allowing bad HTML in the allowable_html array in config.php or allowing unregistered users to upload by changing the tool bar, etc.).
As for finding out how the 2.02 site was hacked: the logs don't lie. Have a look there to find some answers... |
_________________ I search, therefore I exist... |
|
|
 |
erisds

|
Posted:
Thu Mar 15, 2007 9:59 pm |
|
I'm not gonna be changing the allowable HTML.
As for the logs, it would be nice, wouldn't it? However, despite how much trouble the hack caused them, they won't let me see the necessary logs. |
|
|
|
 |
FireATST

|
Posted:
Fri Mar 16, 2007 3:55 am |
|
So, was this a hacker that got several sites on their servers? If so, it may not have had anything to do with your installation. Maybe the host has some security flaws itself, allowing access to the server and any site on it. |
|
|
|
 |
|