Re: [GENERAL] PostgreSQL with Phorum

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi Brian,

Brian Moon wrote:
> 
> | Hi Brian,
> |
> | This sounds interesting.  If you want to really learn to get the most
> | out of PostgreSQL, you're probably best to join the PostgreSQL "Hackers"
> | mailing list.
> 
> Is this an unsupported mailing list?  I don't see it on the PostgreSQL web
> site.

http://developer.postgresql.org/maillist.php

This is a PostgreSQL 'development' mailing list, so generally the most
experienced PostgreSQL coders hang out here.  If you have the time to
watch what goes on and stuff, you'll gain a lot of PostgreSQL
understanding.

 
> | If you've learnt not to deliberately leave backdoors in your code so you
> | can walk into sites', as you used to do with Phorum's code, then you
> | might find some people here willing to help.
> 
> Well, it was never deliberate.  We did have some issues recently that would
> allow code to be run on the server, however, if one followed the
> installation instructions and followed what we recommended to secure your
> files, there was no danger to you.  We also got a fix out within a day of
> finding out about it.  That said, we didn't follow our own advice and got
> hacked.

No, I was referring to the 'boogieman' backdoor you left in Phorum,
which Jfs then found a few years ago.  The one which you then tried to
suppress all of your users from finding out about, until someone pasted
info about it all over the Phorum forums thereby forcing you to come
clean and remove the backdoor from your code.


> | Just checked the Phorum website and noticed you've removed the original
> | advisories, from a few years ago.
> |
> | Hmmmmm.... don't be surprised if people here watch you *very carefully*,
> | due to your prior history of having abused people who placed trust in
> | you.
> 
> Are you speaking of personal experience?  Not sure what you are talking
> about from a few years ago.  Phorum is only 3.5 years old.  We did have some
> things late 2000.  Those were addressed and fixed.  Software has bugs both
> big and little.

http://www.cgisecurity.com/archive/php/phorum.txt
 
> Thanks,

You're welcome.

Justin

 
> Brian.
> Phorum Dev Team

-- 
"My grandfather once told me that there are two kinds of people: those
who work and those who take the credit. He told me to try to be in the
first group; there was less competition there."
   - Indira Gandhi


[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux