Small width layout Medium width layout Maximum width layout Small text Medium text Large text
     Search
Downloads Downloads Directory Directory Forums Forums Forge Forge Blogs Blogs        Marketplace Marketplace Careers Program Careers
Community › Forums Register  |  

PortalWebHosting
  Ads  
Iron Speed Designer is a software development tool for building database, reporting, and forms applications for .NET without hand-coding.
 


  Sponsors  

Meet Our Sponsors

Merak Mail Server
WebSecureStores -- ASP.NET & DotNetNuke Hosting Solutions
FCKeditor Project
Salaro -- Skins and more
OnyakTech
CrystalTech Web Hosting™
 


DotNetNuke Forums
 
  Forum  General DotNetN...  Chat About It!  How do you report a security issue?
Previous Previous
 
Next Next
New Post 5/23/2008 1:30 PM
User is offline Bill Yonder
12 posts
10th Ranked


How do you report a security issue? 

Hi All,

So, I've been digging through the source code and I've found an issue relating to how DotNetNuke handles the encrpyion of fileticks and other related data.  I've been looking though the site and I can't seem to find where to post the data to report it.

Where do I send it off to so I can make sure not to get publicly crucified for finding issues like the core team did to powerdnn?

Bill
 
New Post 5/23/2008 5:04 PM
User is offline Scott Willhite
2178 posts
www.alkihomes.com
5th Ranked










Re: How do you report a security issue? 

 Bill Yonder wrote

Hi All,

So, I've been digging through the source code and I've found an issue relating to how DotNetNuke handles the encrpyion of fileticks and other related data.  I've been looking though the site and I can't seem to find where to post the data to report it.

Where do I send it off to so I can make sure not to get publicly crucified for finding issues like the core team did to powerdnn?

Bill

Greetings Bill ~

The page you are looking for is on the menu at News / Security Bulletins / Security Policy.  Here is a direct link for your convenience:

http://www.dotnetnuke.com/News/SecurityBulletins/SecurityPolicy/tabid/940/Default.aspx

For future reference, MOST companies employ a "security @..." email address (similar to abuse@, sales@, etc).  It is very common practice.

Kind Regards,
Scott

Scott Willhite
DotNetNuke Corp.

It is only with the heart that one can see rightly... what is essential is invisible to the eye.
~ Antoine de Saint-Exupéry
 
New Post 5/23/2008 5:04 PM
User is offline Charles Nurse
2915 posts
5th Ranked










Re: How do you report a security issue? 

Bill

Here it is.

http://www.dotnetnuke.com/News/SecurityBulletins/SecurityPolicy/tabid/940/Default.aspx

It is on the menu News/Security Bulletins/Security Policy

 

Charles Nurse
DotNetNuke Trustee,
Senior Architect, DotNetNuke Coporation
 MVP (ASP.NET) and
ASPInsiders Member
View my profile on LinkedIn
See my Blog for Articles on .NET, DNN and Module Development

View my Blog
 
New Post 5/23/2008 5:26 PM
User is offline Charles Nurse
2915 posts
5th Ranked










Re: How do you report a security issue? 

Bill

The issue you reported has been moved to the Private Gemini Log - so that the distribution of information is kept limited.  I was going to post a comment on the issue asking for you to send me any ideas/recommendations you might have to fix it - but I realised you wouldn't be able to see my comment.

Can you email me directly at charles dot nurse at dotnetnuke dot com - so we can begin a dialog on this.

Thanks

Charles Nurse
DotNetNuke Trustee,
Senior Architect, DotNetNuke Coporation
 MVP (ASP.NET) and
ASPInsiders Member
View my profile on LinkedIn
See my Blog for Articles on .NET, DNN and Module Development

View my Blog
 
New Post 5/23/2008 6:16 PM
User is offline cathal connolly
2757 posts
www.cathal.co.uk
5th Ranked










Re: How do you report a security issue? 

Hi Bill,

I sent an email to your account about an hour ago, with copies of 2 relevant comments on why I don't believe this is an issue, and my contact details if you want to discuss this further.

Thanks,
Cathal Connolly

DotNetNuke Security team
 
 Page 1 of 212Next 
Previous Previous
 
Next Next
  Forum  General DotNetN...  Chat About It!  How do you report a security issue?
 


Forum Policy

These Discussion Forums are dedicated to the discussion of the DotNetNuke Web Application Framework.

For the benefit of the community and to protect the integrity of the project, please observe the following posting guidelines:

1. No Advertising. This includes promotion of commercial and non-commercial products or services which are not directly related to DotNetNuke.
2. Discussion or promotion of DotNetNuke product releases under a different brand name are strictly prohibited.
3. No Flaming or Trolling.
4. No Profanity, Racism, or Prejudice.
5. Site Moderators have the final word on approving/removing a thread or post or comment.
6. English language posting only, please.
 


Active Modules, Inc.
Creators of Active Forums, the best forum module for DotNetNuke
www.activemodules.com 		DNNCovered.com - Your Offshore Dotnetnuke Partner
Dnncovered.com is the only Dotnetnuke offshore outsourcing center specializes in DNN skinning and module development with lowest pricing and quality service. Our staff is dedicated to websites based on DNN and our graphic designers are creative and imaginative well enough to provide customers the complete set of skinning solutions and packages
www.dnncovered.com 		PointClick.Net DNN Solutions
DotNetNuke Hosting Platform for Business and personal use.
PointClick.Net Hosted Solutions

DotNetNuke Corporation   Terms Of Use  Privacy Statement
DotNetNuke®, DNN®, and the DotNetNuke logo are trademarks of DotNetNuke Corporation
Hosted by MaximumASP