DotNetNuke Forums
 
New Post 5/21/2008 2:45 PM
Pat Cummings
62 posts
www.austinwebvision.com
10th Ranked


Re: Any PowerDNN users?  
PowerDNN:
I guess I do not understand why a vulnerability would be posted to a public site before a fix is applied.
 
Generally a good process to use is to fix the issue first then post the details. I understand you need to help your customers, however posting and making the vulnerability public creates another problem.
 
I could care less about someone charging for a fix. It’s the process of notifying the public that a vulnerability exists and that some systems are affected. On top of that a person can check whether another remote system is affected and proceed to target.
 
I think that’s the crux of the contention you are hearing from the community.
 
I think you should remove any posting and/or tools from your public site until a fix is sent to the general public. What is your answer to this?
 
New Post 5/21/2008 2:45 PM
Scott Willhite
2165 posts
www.alkihomes.com
5th Ranked










Re: Any PowerDNN users?  

Pursuant to our forum policy, I am locking this "announcement" thread.  Please feel free to continue this conversation in one of our more conversation-oriented forums so that our announcements may remain timely.

Kind Regards,
Scott


Scott Willhite
DotNetNuke Corp.

It is only with the heart that one can see rightly... what is essential is invisible to the eye.
~ Antoine de Saint-Exupéry
 
New Post 5/21/2008 2:49 PM
Sebastian Leupold
14288 posts
www.deutschnetnuke.de
1st Ranked












Re: Any PowerDNN users?  

 Alex Shirley wrote

Not only are there apparent vulnerabilities with sketchy details, but we now have a site that allows Tom, Dick, Harry, everybody else, and their dog to look at the security issues of everyone’s DNN website in mere seconds. IF indeed the website actually scans and checks for vulnerabilities rather than just anticipate them?... and all of us dance around like headless chickens :). In this case I think we are entitled to, that is because we don't exactly know the impact, because rightly or wrongly we assume the worst, and because the cat was out of the bag before the solution was made available. Plus there is a tool that apparently allows me to know that YOUR website is affected.

Alex,

as far as I understood, the "Scan" simply retrieves the installed DNN's version number and issues a list of potential security risks. I did run it against a customer's site, which is not affected by previous issues due to its configuration (like being a single portal installation with host = admin, i.e. no risk of the admin gaining host permission) and the service listed the two assumingly identified new issues as all published security bulletins issued by DNN since that version (even if affecting later versions solely). To me, this scan does not really sound like a valuable service and, since no one had the chance to validate the changed code applied to the site, you cannot be sure that a) it fixes the issue and b) does not harm or damage your portal software. I would be very careful with accepting any service like this.


Sebastian Leupold



Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.

 

