Open-AudIT
https://www.open-audit.org/phpBB3/

[Workaround] XAMPP 1.7.4 --> OA not working any more
https://www.open-audit.org/phpBB3/viewtopic.php?f=8&t=4761
Page 1 of 1

Author:  tekkie330 [ Thu Mar 24, 2011 7:35 pm ]
Post subject:  [Workaround] XAMPP 1.7.4 --> OA not working any more

It results in (tested with windows plattform with xampp 1.7.4 windows):

Mostly PHP Errors, cos PHP 5.5.8 does have significant changes and functions disabled (ereg), show tips variable

But as there are important security patches done with apache 2.2.17 and MySQL. Therefor Apache and Mysql should be upgraded.

Will there be any fixes in OAv1 to run on a secure plattform?

Author:  jpa [ Fri Mar 25, 2011 2:01 am ]
Post subject:  Re: XAMPP 1.7.4 --> OA not working any more

I'd say not likely unless someone steps up and gets themselves SVN access. In the recent past that was ef but he's been quiet lately.

I think it would be easier to configure PHP to not show errors for deprecated functions. Should work as long as the functions aren't actually removed. Since it looks like xampp 1.7.4 has PHP 5.3.5 and ereg was deprecated in 5.3.0 we're probably good for a little bit as long as deprecated errors are disabled.

I think people have taken stabs at replacing ereg in previous posts. This isn't all that easy because you need to understand the regular express in the ereg to replace it with a new one.

Author:  tekkie330 [ Sun Apr 03, 2011 7:30 pm ]
Post subject:  Re: [Workaround] XAMPP 1.7.4 --> OA not working any more

I managed to mix up an XAMPP 1.7.4 OA lite Version for me using 1.7.3 core and security relevant product updates.

As there are AFAIK no issues with PHP using OA i left PHP on the 1.7.3 version of XAMPP

replaced and integrated current Apache Version
same for Mysql

both taken from Version 1.7.4 of XAMPP

changed some conf files and paths in scripts

now it works and there are less security holes

Author:  tekkie330 [ Sun Apr 03, 2011 7:30 pm ]
Post subject:  Re: [Workaround] XAMPP 1.7.4 --> OA not working any more

I managed to mix up an XAMPP 1.7.4 OA lite Version for me using 1.7.3 core and security relevant product updates.

As there are AFAIK no issues with PHP using OA i left PHP on the 1.7.3 version of XAMPP

replaced and integrated current Apache Version
same for Mysql
deleted unneded products like filezilla server and mercury

both taken from Version 1.7.4 of XAMPP

changed some conf files and paths in scripts and built a nu setup routine with INNO

now it works and there are less security holes

Author:  jpa [ Mon Apr 04, 2011 7:15 am ]
Post subject:  Re: [Workaround] XAMPP 1.7.4 --> OA not working any more

[quote="tekkie330"]now it works and there are less security holesI'm pretty sure there are "drive a truck through it" security holes in the OpenAudit code itself. I wouldn't put OE on a public facing web server. Security of the underlying components is only the first step to a truly secure system.

Author:  tekkie330 [ Sun Apr 10, 2011 5:58 pm ]
Post subject:  Re: [Workaround] XAMPP 1.7.4 --> OA not working any more

I would never put it on a public host, but for me security in intranet/lan areas is important as well, regardless of flaws inside OA programming.

That means, if there are known sec issues in infrastructor (Mysql, Apache etc) they should be closed anyway by updating components

Page 1 of 1 All times are UTC + 10 hours
Powered by phpBB® Forum Software © phpBB Group
https://www.phpbb.com/