backup.php? A security hazard?

  • CMX
    replied
    But, if somehow by mistake someone did something ignorant and accidentally pasted their password somewhere...

    (A lot of people have done it in IRC with their nickserv identify password and not even realized it, or gave their irc script to someone).

    It could happen by mistake, everyone is human

    If one of the admin pw's got into the wrong hands, it could spell trouble hehe.

    Also, why would you have the admin log stats restricted? Yet the admin could easily back up the entire admin log with the backup command?

    I just would think they would be linked together, maybe it's just me, I dunno.
    Last edited by CMX; Tue 11 Sep '01, 12:26am.


  • Steve Machol
    replied
    Interesting idea. However I wouldn't trust anyone to be an Admin if I couldn't trust them to not abuse user passwords.


  • CMX
    started a topic backup.php? A security hazard?

    backup.php? A security hazard?

    I did a brief search on this forum in the bug reporting and this forum about this topic, didn't find anything related.

    So my question is, isn't backup.php available to any administrator a bad thing? It dumps the full database, passwords, everything.

    I would think that this line would be present in this file

    if (! checklogperms($canviewadminlog,1,"<p>Admin log viewing restricted.</p>"))
    exit;
    (I added this to my own vB script, but shouldn't it be added to the full release?)