Ravens PHP Scripts: Forums
 

 
  Forum Index  •  Forum FAQ  •  Search  •  Memberlist  •  Usergroups  •  Profile  •  Log in to check your private messages  •  Log in

Question regards security
 View next topic
View previous topic
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke
Author Message
unforgotten
New Member
New Member



Joined: Jun 19, 2006
Posts: 5
PostPosted: Mon Aug 14, 2006 10:41 pm Reply with quote
Can someone hack your web-site trough a theme? I just downloaded a free theme and I just worry that maybe if the person who made the theme did not know how to code it properly than someone could hack my site?

Thanks,
John
 
View user's profile Send private message
gregexp
The Mouse Is Extension Of Arm



Joined: Feb 21, 2006
Posts: 1497
Location: In front of a screen....HELP! lol
PostPosted: Mon Aug 14, 2006 11:19 pm Reply with quote
There is no known exploit to my knowledge but this does not mean there never will be.

Jaded-designs.com is owned by a member of this site and from my own personal look at the work, It is VERY well scripted and I would recomend you look at those themes. That is not to say other themes are not coded well, just that I know those themes are well coded.

_________________
For those who stand shall NEVER fall and those who fall shall RISE once more!! 
View user's profile Send private message Send e-mail Visit poster's website AIM Address Yahoo Messenger MSN Messenger ICQ Number
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona
PostPosted: Tue Aug 15, 2006 5:39 am Reply with quote
Well, there actually have been patched versions of the base PHP-Nuke themes and other themes in the past. Yes, it is possible that a theme could open up a security hole. Basically, ANY code that is executed within PHP-Nuke can become the source of an exploit. Most common issues are simply variables that are not given default values (i.e., "initialize") first before using them (because some coders forget that they hadn't initialized them to a particular value first) and issues with not sanitizing GET and POST variables.

Unfortunately, unless you review the code and know what you are looking for, you won't know for certain.

Darklord is definitely right on when he says this:

Quote:

There is no known exploit to my knowledge but this does not mean there never will be.

Not trying to scare you. If the theme designer is "reputable", I think you can rest more easy. But, we're just making sure that you understand that in reality ALL code you implement can have problems. We just make our judgements, make sure we have good backups always, and enjoy what we do... Wink

_________________
Only registered users can see links on this board! Get registered or login!
Only registered users can see links on this board! Get registered or login! 
View user's profile Send private message Visit poster's website
Display posts from previous:       
Post new topic   Reply to topic    Ravens PHP Scripts And Web Hosting Forum Index -> Security - PHP Nuke


 Jump to:   




View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum


Powered by phpBB © 2001-2007 phpBB Group
All times are GMT - 6 Hours
 
Forums ©