| phpLD Discussion around the phpLD web directory script. |

12-29-2007, 07:23 PM
|
|
New Member
|
|
Join Date: Aug 2006
Posts: 18
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 0
|
|
How secure is phpLD?
How secure is phpLD? What's your experience?
My installation got hacked. I'm not sure if it's from a security flaw in phpLD or lax directory rights... :s
|

12-29-2007, 09:18 PM
|
|
Senior Member
|
|
Join Date: Jul 2006
Posts: 251
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 8
|
|
Feel free to post over in the phpLD forums about this, as we would always be interested in this sort of thing. To date, there are no known exploits to current versions of our scripts.
|

12-30-2007, 03:36 AM
|
 |
Senior Principal Member
|
|
Join Date: Mar 2007
Location: Manchester, UK
Posts: 4,033
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 82
|
|
Quote:
Originally Posted by marcel
How secure is phpLD? What's your experience?
My installation got hacked. I'm not sure if it's from a security flaw in phpLD or lax directory rights... :s
|
Feel free to post here as well, that way there is nothing hidden from anyone and if it is security related then we all have a right to know.
-MGS-
|

01-01-2008, 09:43 AM
|
|
New Member
|
|
Join Date: Jan 2008
Posts: 7
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 0
|
|
Until now, I never heard about hacking a phpLD 3.2, so I can say it is 80% secure.
|

01-01-2008, 10:00 AM
|
|
Senior Member
|
|
Join Date: Jul 2006
Posts: 251
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 8
|
|
Quote:
Originally Posted by trocobob
Until now, I never heard about hacking a phpLD 3.2, so I can say it is 80% secure.
|
I have yet to see 3.2 hacked as a result of an issue with the code itself. I do know of one incident that involved a mod released by a third party, but that was quickly addressed, and involved only a couple of users.
|

01-01-2008, 11:06 AM
|
 |
Senior Principal Member
|
|
Join Date: Mar 2007
Location: Manchester, UK
Posts: 4,033
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 82
|
|
Quote:
Originally Posted by dvduval
I have yet to see 3.2 hacked as a result of an issue with the code itself. I do know of one incident that involved a mod released by a third party, but that was quickly addressed, and involved only a couple of users.
|
In David's defence, neither have I seen a hacked version, but there have been rumours floating around. 80% confidence in a script for security is very low; I'd not comment until you've tried it. David is right that modifications are always going to be the biggest problem for a script, as you simply don't know who's making them and whether the fixes contain security issues. My advice is go for an encrypted version that can't be hacked or an open source one like phpLD, but ONLY by using modifications by someone who can show you they are qualified to carry out this work and is prepared to put in writing that they will insure you against loss if they cause a security breach. (I doubt anyone would do that, but it's sure as hell worth asking.)
My biggest worry with open source scripts is that they are messed about with by all sorts; they all claim to be experts, but because of the nature of the internet even the script owners themselves don't REALLY know who most of them are. BE CAREFUL is the word that comes to mind.
-MGS-
|

01-01-2008, 12:52 PM
|
|
Senior Member
|
|
Join Date: Jul 2006
Posts: 251
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 8
|
|
It would be easy to get into a debate about the benefits of open or closed source scripts. When it comes to PHP, there are few that are widely used and closed source. If there are some widely used PHP scripts that are closed, I would love to know which ones they are so I can study them.
Should a rumor become fact, we are prepared to quickly take action, both through fixing the problem, as well as through a notification process. Fortunately, since we have started in 2005, things have gone very well in the area of security.
|

01-01-2008, 05:41 PM
|
 |
Senior Principal Member
|
|
Join Date: Mar 2007
Location: Manchester, UK
Posts: 4,033
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 82
|
|
Quote:
Originally Posted by dvduval
It would be easy to get into a debate about the benefits of open or closed source scripts. When it comes to PHP, there are few that are widely used and closed source. If there are some widely used PHP scripts that are closed, I would love to know which ones they are so I can study them.
|
phpmydirectory comes to mind, so does phplynx, as coded scripts getting more popular by the day, to name just two.
My biggest bugbear with open source is the abuse of it by people like you who are prepared to sit back and let others develop a product for you with very little 'relative' reward while you take all the plaudit; from my visits the real owners are people like the bobby's and anon's who do most of the coding. I'm genuinely worried that one day this will backfire on you though.
Quote:
|
Should a rumor become fact, we are prepared to quickly take action, both through fixing the problem, as well as through a notification process. Fortunately, since we have started in 2005, things have gone very well in the area of security.
|
Now this is one thing I do believe from you. The one thing you are is protective of the script, and I applaud you for it. The problem is that you've already conceded that because people can access the script and make modifications, it renders the script susceptible to vulnerability, which is one thing you don't get with closed source scripts like phpmydirectory or phplynx etc.
-MGS-
|

01-06-2008, 01:02 PM
|
|
Senior Member
|
|
Join Date: Jul 2006
Posts: 251
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 8
|
|
Yes, with closed source, if there were an XSS exploit, you would be almost 100% dependent on the developers of the script to issue a fix, and could not get a PHP programmer to take a look.
Exploits are often discovered by attempts to submit URLs or form fields, and access to the source is not always needed to find exploits. Regardless of whether it is closed or open, what is important is the care taken to write secure code, and I believe we have done a good job with it.
|

01-07-2008, 04:37 AM
|
|
New Member
|
|
Join Date: Jan 2008
Posts: 26
Downloads: 0
Templates/Mods Contributions: 0
Rep Power: 1
|
|
Quote:
Originally Posted by dvduval
Yes, with closed source, if there were an XSS exploit, you would be almost 100% dependent on the developers of the script to issue a fix, and could not get a PHP programmer to take a look.
Exploits are often discovered by attempts to submit URLs or form fields, and access to the source is not always needed to find exploits. Regardless of whether it is closed or open, what is important is the care taken to write secure code, and I believe we have done a good job with it.
|
I am wanting a script to be working my project and am very happy to look at security because of importance. Tell me an answer please if you will. Why would a closed source script be any more vulnerable than open source please? Are not ALL programs 100% dependent on developers with less risk of learning programmers who try to fix solutions with little knowledge with closed source? In my reading I see you say any bugs or security risks come from such sources as 'mods' which are being out of your control so would it not be correct to say that one would be dependent on your own developers if needing to be sure of proper fix?
Thank you for your answer.
|