Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

telerik -- supercharge your DNN websites
  Ads  
Engage Software - Training Partner for DotNetNuke
 


  Sponsors  

Meet Our Sponsors

eUKhost.com is commited to offer exceptional UK Windows Web Hosting solutions with quality 24x7 technical support.Our plans support ASP.Net, ASP, ASP.NET Ajax extensions, XML, MSSQL, MySQL, PHP,DNN, multiple domains and Shared SSL as standard.
SmarterTools
Verndale
The Official Microsoft ASP.NET Website
Portal Webhosting - Hosting For Developers
Red-Gate Software
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  PowerDNN Security Hotfix
Previous Previous
 
Next Next
New Post 5/23/2008 12:06 PM
User is offline Bill Yonder
12 posts
10th Ranked


Re: PowerDNN Security Hotfix 

Hi Charles,
That all sounds good and well except that, per shaun's blog, I have a really hard time beleaving any of it.  DotNetNuke Corp had two companies contact them, one of them was a prominent vendor in the DotNetNuke community, and neither of them provided any details....?  Yeah right...  DotNetNuke Corp - Get off your high horse and get the issues resolved.

Right now you guys should stop flaming them and just get the patch out.

Oh, by the way, good job on the censorship - I see ya'll deleted the thread that had all of powerdnn's posts in it.

Bill

 
 
New Post 5/23/2008 1:37 PM
User is offline Jeff Cochran
1552 posts
5th Ranked


Re: PowerDNN Security Hotfix 

 Bill Yonder wrote

I tried going to the insecure page on DotNetNuke.com and it has been fixed.

What does that mean?  If it means the PowerDNN scanner no longer shows the site as vulnerable, then it may not be patched.  I "patched" my site by removing the text files the PowerDNN scanner looks for.  Now my site is no longer vulnerable according to the scanner.  Honestly, removing text files that never get served doesn't secure my site from SQL injection and the other horrors that PowerDNN alludes to.

Be patient or pay PowerDNN for the "patch".

Jeff
 
New Post 5/23/2008 1:46 PM
User is offline Bill Yonder
12 posts
10th Ranked


Re: PowerDNN Security Hotfix 

At this point I'm loosing a lot of confidence in the core team really quickly.  In another post, charles said this issue has existed for 12-18 months!  I would expect that with something that has been around that long that they would already have an official patch.  What scares me the most is that the core team doesn't seem to care.

Bill
 
New Post 5/23/2008 1:49 PM
User is offline Charles Nurse
2915 posts
5th Ranked










Re: PowerDNN Security Hotfix 

Bill

We have a security policy for a reason.

We may have done a quick and dirty fix to our site - but we CANNOT release a quick and dirty patch to our users - we HAVE to release the proper fix, AFTER proper testing.

Charles Nurse
DotNetNuke Trustee,
Senior Architect, DotNetNuke Coporation
 MVP (ASP.NET) and
ASPInsiders Member
View my profile on LinkedIn
See my Blog for Articles on .NET, DNN and Module Development

View my Blog
 
New Post 5/23/2008 2:09 PM
User is offline Bill Yonder
12 posts
10th Ranked


Re: PowerDNN Security Hotfix 

When is that going to be?  Today?  Next week?  Next month?  Any ETA at all?

Bill
 
 Page 3 of 5Previous12345Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  PowerDNN Security Hotfix
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


IHostASP.NET Provides the Ideal DNN Hosting
We will help you with the installation, configuration, and troubleshooting of your DNN portal, no task is too big or small for us. Unlike other companies we are not just providing a reliable hosting service, but we are also focused on providing the best DotNetNuke hosting service on the internet.
www.ihostasp.net 		$7.16/mo - Powerful DotNetNuke / DNN Hosting
Powerful DotNetNuke / DNN Hosting on Windows 2008 and 2003 servers, starting at under $8/mo with FREE SQL 2008 on certain plans and FREE SQL 2005 on all plans with FREE Installation and expert support.
www.re-invent.com 		ASP.NET Web Hosting for $3.95
3 Month FREE ASP.NET Hosting! FREE Setup! DNN Support! FREE Domain Name! FREE Components! Host multiple websites on 1 plan! 30 Days Money Back Guarantee!
www.dailyrazor.com

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP