Re: Feature request: Security improvements

Something I ran into last night when discussing this post with another programmer friend of mine...

I don't know if XOOPS also allows remote POST to files. If so, can we look at restricting POST to local filesystem files? Simon (from OIOPublisher) is already looking at a method for WP. I'm sure we could adapt this to our needs.

JMorris (aka James Morris)
ImpressCMS Professional Services: INBOX International inc.
James Morris Online | Frolicking on the playground that is the Internet...
Topic | Forum


Re: ImpressCMS LinkedIn group

Joined! Waiting for acceptance.

JMorris (aka James Morris)


Re: Facebook Group for ImpressCMS

Joined

We should also consider MyBlogLog and Blog Catalog for our iCMS Blogs.

JMorris (aka James Morris)


Facebook Group for ImpressCMS

Good idea about the LinkedIn group, so this is a new group on Facebook:

http://www.facebook.com/group.php?gid=7395938599

Facebook and LinkedIn will be very nice tools to make people know about us!



Re: Feature request: Security improvements

There are some good tips on xoops-tips about moving the important data from mainfile.php outside of the root as well - combine this with a random database name, random file name and so on - it'll help a lot.



Re: Feature request: Security improvements

Funny you should say this, Wtravel.

I was going to make a suggestion that the install routine could also add xoops_safe_path - like GiJoe's modules use - during install.

For people who can't create an "external-from-main-directory" directory - it could be pointed to an httpdocs\ level directory.



Feature request: Security improvements

I am not sure what changes to the installation files are planned for 0.5, but regarding security improvements I surely hope we can move the mainfile.php to a folder outside the web root. Using an additional crypt class could encrypt the DB password as well, so that if for some reason someone can see this file (within a company perhaps someone standing behind the programmer) they still cannot do anything with it.

Another desired feature related to this is the creation of a random DB prefix upon installation.

One of the default modules IMHO should be the Protector module. This has proved to be very useful in stopping attacks, even though it is not a guarantee for stopping everything.

Are these security improvements already planned or is it still unassigned?



ImpressCMS LinkedIn group

  • 2007/12/11 0:31:37
  • herko

http://www.linkedin.com/e/gis/45459/3A9B02585174

Herko



Re: pical with block "minical_ex"

This is something we should look at someone - as it is a very useful module.



Re: pical with block "minical_ex"

Yes - you are correct.

This does not appear to work.



Re: pical with block "minical_ex"

You cannot show the plugin-dot in your block.



Re: pical with block "minical_ex"

What was the problem with the module?

I chose the minical block - and it displays fine?



Re: pical with block "minical_ex"

I do not see why it should not work.

I'm attempting an upload at my test site to see if perhaps this is related to other issues... like the resource-template change of GiJoe's (now fixed in the ICMS update).



pical with block "minical_ex"

XOOPS 2.0.x has a problem with the block "minical_ex" from pical (GiJoe).

http://xoops.peak.ne.jp/md/d3forum/index.php?post_id=9787

Could you in the future work with ImpressCMS?



Re: A proposition for a true opened development!

Dave: That's the reason I suggested the "Live" & "Dev" versions (I'm sure there's a better naming structure - but let's use this for now).

Basically "Live" svn would be available to "Core" devs only - but the "Dev" release would be available to anyone.

There would be a small delay of - for example - 3 days ... after this delay, any code which seemed to be suitable from "Dev" could move to Live.

Perhaps a Branch on "Dev" being made for every month?

Does this make sense? Or am I talking nonsense?



Re: Modules

Quote:


JMorris wrote:
I think there should be some form of content management that is native to the core. Perhaps a "page" functionality with native WYSIWYG. Also a set of classes that enable you to output an ordered list of recent pages in either templates or blocks.



There was some talk of a variation of SmartContent being included.

Quote:


If we are going more in the direction of Community Management Software, then I don't think modules should be bundled with the core. Core devs could still work on Mod dev teams, take Marcan for instance, but I don't think modules should be packaged with the core.



A regularly updated set of module packs - such as Sato-sans - could replace this need.

Quote:


Now, if it is decided we move more towards true Content Management, then I would retract the above statement about bundling modules. Provided the modules bundled pertained to content management. (news, document management, blog, etc).



Agreed - for myself, I would like to see some "basic" quick-start "mini-modules"... similar to how Drupal (Droopy - as I call it) does... giving newcomers some simple tools - but allowing them to load more advanced ones.

Actually this leads me into another post which I'll make in a moment concerning modules - in the "Future ideas" section...



Re: Adding a Remember Me on this very site

Also another nod towards a developer who I think deserves it (GiJoe)



Re: Adding a Remember Me on this very site

Quote:


Vaughan wrote:
In admin we could do with a function that will instantly flush the session table and basically destroy all current valid sessions without the need for going into the db manually, or changing the session name.



A very good idea.

On the same note - as I've sometimes still seen the XOOPS bug where themes are not refreshed immediately - how about something like James's "delete template_c" routine being added near this - which we use here, to effect immediate changes?

(Something that will remove all contents from cache, template c, and similar folders - except for the usual index.html of course)



Re: ImpressCMS Theme

I think I understand what you are saying about the Smarty logic and it makes sense. After looking at the lines for several hours, I went cross-eyed because they all looked similar. I wouldn't be surprised if I missed a couple of scenarios.

BTW... Thanks Dave for helping me with the empty() function in Smarty!

I hope, when we are done with this thing, that the logic could possibly be integrated into the core somehow. For instance, a drop-down box to select the column quantity.

If 3 Col -> div id = col1, col2, col3
#col1 {width:33%}
#col2 {width:33%}
#col3 {width:33%}

Then just write the setting to blocks.html and blocks.css.

By using the left float technique, we can do this rather easily without breaking things provided the block width is consistent.

Oh, sorry, back on track.... Damn ADHD!

I'll get back to work on this. Thanks!

JMorris (aka James Morris)


Re: Adding a Remember Me on this very site

Sounds like a reasonable compromise.

JMorris (aka James Morris)