http://siteframe.org/tag/security en-US ©2005-7 Glen Campbell Sat, 09 Dec 2006 14:39:09 MST Siteframe 5.0.5 webmaster@siteframe.org http://blogs.law.harvard.edu/tech/rss 30 This is a maintenance release of Siteframe 3.2. It includes security features such as a CAPTCHA function to prevent automated spammers from registering on the site. Enabling the CAPTCHA From the Control Panel > Extended Properties page, enter a word or phrase (a relatively simple word is... Sat, 09 Dec 2006 14:39:09 MST http://siteframe.org/p/siteframe-3-2-3 http://siteframe.org/p/siteframe-3-2-3 captcha download security siteframe In search.php, an unmodified $_GET variable is assigned to a Smarty variable, where it can be displayed on a page. A malicious intruder could insert evil Javascript into the query string and execute it from the page. IMMEDIATE FIX On line 64 of search.php, wrap the $_GET['q'] in the... Sat, 11 Feb 2006 15:38:33 MST http://siteframe.org/p/xss_vulnerability_in_siteframe_501 http://siteframe.org/p/xss_vulnerability_in_siteframe_501 security xss Siteframe Beaumont is the 5.0 release of Siteframe. It is a complete rewrite of the underlying Siteframe codebase, and includes a number of innovative features. Here are some of the more notable ones: Simplified registration/invitation interface. If an existing user invites a new user to... Sat, 26 Nov 2005 23:27:39 MST http://siteframe.org/p/siteframe_beaumont_5x_features http://siteframe.org/p/siteframe_beaumont_5x_features beaumont favorites features images invitation register rss security siteframe smarty tags Siteframe has, unfortunately, been shown to be vulnerable to cross-site scripting attacks. In this case, an attacker from a remote site can use a security hole in Siteframe to access files on the attacked computer.There is a fix; you need to edit the file web/siteframe.php and change this line... Sat, 26 Nov 2005 22:40:46 MST http://siteframe.org/p/siteframe_3_crosssite_scriptiong_xss_vulnerability http://siteframe.org/p/siteframe_3_crosssite_scriptiong_xss_vulnerability security siteframe xss Siteframe 3.2.2 is the most current stable release of the v3 series of Siteframe. It contains all known security fixes. Sat, 26 Nov 2005 22:38:41 MST http://siteframe.org/p/siteframe_322 http://siteframe.org/p/siteframe_322 download security siteframe Siteframe is designed to give site members control over their content. Therefore, when something is deleted, it is gone from the site's database and filesystem permanently (note: if regular backups are made of the site's database and files, then it's possible to restore accidentally-deleted... Fri, 22 Apr 2005 23:31:31 MDT http://siteframe.org/p/deleting_content http://siteframe.org/p/deleting_content backup deleting security A registered site member can optionally be flagged as an administrator account. Administrators are the gods of a Siteframe website; they have unlimited control over all site objects, and can edit or delete any object as needed, including other members. When the site is first created, an initial Fri, 22 Apr 2005 23:27:51 MDT http://siteframe.org/p/administrators http://siteframe.org/p/administrators administrator security NOTE: RECENT REVISIONS TO SITEFRAME HAVE RENDERED THIS DISCUSSION OBSOLETE. STAY TUNED FOR FURTHER UPDATES. The three most common types of objects used on a Siteframe website are Pages, Folders, and Files. This page describes what each of these objects are, how they are used, and what some of the... Fri, 22 Apr 2005 23:07:05 MDT http://siteframe.org/p/about_pages_folders_and_files http://siteframe.org/p/about_pages_folders_and_files access file folder page security weblog