Open-AudIT

What's on your network?
All times are UTC + 10 hours




Posted: Thu Mar 24, 2011 7:35 pm
Newbie

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
It results in (tested with Windows platform with XAMPP 1.7.4 Windows):

Mostly PHP errors, cos PHP 5.5.8 does have significant changes and functions disabled (ereg), show tips variable

But as there are important security patches done with Apache 2.2.17 and MySQL, Apache and MySQL should therefore be upgraded.

Will there be any fixes in OAv1 to run on a secure platform?


Last edited by tekkie330 on Sun Apr 03, 2011 7:27 pm, edited 1 time in total.

Posted: Fri Mar 25, 2011 2:01 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
I'd say not likely unless someone steps up and gets themselves SVN access. In the recent past that was ef but he's been quiet lately.

I think it would be easier to configure PHP to not show errors for deprecated functions. Should work as long as the functions aren't actually removed. Since it looks like XAMPP 1.7.4 has PHP 5.3.5 and ereg was deprecated in 5.3.0, we're probably good for a little bit as long as deprecated errors are disabled.

I think people have taken stabs at replacing ereg in previous posts. This isn't all that easy because you need to understand the regular expression in the ereg to replace it with a new one.


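Added example (not part of the thread and not Open-AudIT code): ereg() and eregi() were removed in PHP 7.0, so hiding deprecation notices only postpones the port to preg_match(). The sketch below shows the places where a POSIX ERE pattern and a PCRE pattern read differently, including the end-of-string anchor that matters for input validation. The function names `ereg_to_pcre` and `compat_ereg` are hypothetical, the sample patterns are constructed, and collating elements (`[.x.]`, `[=x=]`) are assumed not to occur.

```php
<?php
// Added example, not Open-AudIT code. Pattern strings below are constructed.
// Translate a POSIX ERE pattern (as used by ereg/eregi) into a PCRE pattern.
function ereg_to_pcre($ere, $caseInsensitive = false)
{
    $out = '';
    $len = strlen($ere);
    $first = -1;                  // index of first member of an open [...], else -1
    for ($i = 0; $i < $len; $i++) {
        $c = $ere[$i];
        if ($first < 0) {         // outside a bracket expression
            if ($c === '\\' && $i + 1 < $len) {
                // ERE: backslash + ordinary char is that char; PCRE would
                // instead interpret \d, \w, \b and friends, so drop the slash.
                $n = $ere[++$i];
                $out .= ctype_alnum($n) ? $n : '\\' . $n;
            } elseif ($c === '[') {
                $out .= '[';
                if ($i + 1 < $len && $ere[$i + 1] === '^') { $out .= '^'; $i++; }
                $first = $i + 1;
            } else {
                $out .= ($c === '/') ? '\\/' : $c;   // escape our delimiter
            }
        } elseif ($c === '[' && substr($ere, $i + 1, 1) === ':') {
            $end = strpos($ere, ':]', $i + 2);       // [:alpha:] etc. pass through
            if ($end === false) { throw new InvalidArgumentException('unterminated class'); }
            $out .= substr($ere, $i, $end + 2 - $i);
            $i = $end + 1;
        } elseif ($c === ']' && $i > $first) {
            $out .= ']';
            $first = -1;                             // bracket expression closed
        } else {
            // Inside [...] ERE has no escapes: a backslash is a literal member.
            $out .= (strpos('\\/[]', $c) !== false) ? '\\' . $c : $c;
        }
    }
    if ($first >= 0) { throw new InvalidArgumentException('unterminated bracket'); }
    // D: "$" matches only at the very end of the subject, as in ereg.
    return '/' . $out . '/D' . ($caseInsensitive ? 'i' : '');
}

// Stand-in for ereg(): returns the match length (1 if empty) or false.
function compat_ereg($ere, $subject, &$regs = null, $caseInsensitive = false)
{
    if (preg_match(ereg_to_pcre($ere, $caseInsensitive), $subject, $m) !== 1) { return false; }
    $regs = $m;
    return max(1, strlen($m[0]));
}

var_dump(ereg_to_pcre('^[a-z\]+/[[:digit:]]+$'));  // backslash in class, delimiter
var_dump(compat_ereg('^[0-9]+$', "42\n"));         // translated pattern, D modifier
var_dump(preg_match('/^[0-9]+$/', "42\n"));        // naive port: "$" also matches before a final newline
```

Captured groups can still differ after translation: POSIX ERE picks the longest overall match among alternatives, while PCRE takes the first alternative that succeeds, so any code that reads `$regs` needs a per-pattern review.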
Posted: Sun Apr 03, 2011 7:30 pm
Newbie

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
I managed to mix up an XAMPP 1.7.4 OA lite version for me using 1.7.3 core and security-relevant product updates.

As there are AFAIK no issues with PHP using OA, I left PHP on the 1.7.3 version of XAMPP.

Replaced and integrated current Apache version
same for MySQL

both taken from version 1.7.4 of XAMPP

changed some conf files and paths in scripts

now it works and there are less security holes


Posted: Sun Apr 03, 2011 7:30 pm
Newbie

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
I managed to mix up an XAMPP 1.7.4 OA lite version for me using 1.7.3 core and security-relevant product updates.

As there are AFAIK no issues with PHP using OA, I left PHP on the 1.7.3 version of XAMPP.

Replaced and integrated current Apache version
same for MySQL
deleted unneeded products like FileZilla Server and Mercury

both taken from version 1.7.4 of XAMPP

changed some conf files and paths in scripts and built a new setup routine with INNO

now it works and there are less security holes


Posted: Mon Apr 04, 2011 7:15 am
Moderator

Joined: Fri Jul 20, 2007 8:27 am
Posts: 1254
tekkie330 wrote:
now it works and there are less security holes
I'm pretty sure there are "drive a truck through it" security holes in the OpenAudit code itself. I wouldn't put OE on a public-facing web server. Security of the underlying components is only the first step to a truly secure system.


Posted: Sun Apr 10, 2011 5:58 pm
Newbie

Joined: Thu Jan 28, 2010 2:09 am
Posts: 16
I would never put it on a public host, but for me security in intranet/LAN areas is important as well, regardless of flaws inside OA programming.

That means, if there are known sec issues in infrastructure (MySQL, Apache etc.) they should be closed anyway by updating components.

