PHPNuke.
Dustin Decker
dustind at moon-lite.com
Tue Jul 22 19:37:26 CDT 2003
On Tue, 22 Jul 2003, Frank Wiles wrote:
> On Tue, 22 Jul 2003 09:09:51 -0500
> ismgr <ismgr at atchisonkansas.net> wrote:
>
> > I was just wondering how many of you have used this.
> >
> > I'd be particularly interested in stability, ease of configuration,
> > etc.
> >
> > I'd also welcome any suggestions on docs to help in securing an
> > Apache-PHP-PostgreSQL installation.
>
> I cannot strongly enough suggest using something else. It has nearly
> a security problem each week. Go to securityfocus.com and search
> Bugtraq for the 'PHPNuke' I found 51 posts.
I'm with Frank on this - PHPNuke is known to have several
vulnerabilities... I'm not even sure they've all had a patch released for
them. PostNuke, a fork (well, a complete re-write as I understand it) of
nuke was designed with security in mind from the start as opposed to the
standard afterthought. I've used postnuke for a few projects, and find it
easy to manage - and more importantly, patched quickly in those rare
instances of security items.
The _best_ thing to do is learn how to code things the way you want them.
I too am one busy guy though, and can understand why these portal systems
are so popular.
Synopsis:
PHPNuke bad, Postnuke not nearly as bad.
D.
--
o-----------------------------------o
| Dustin Decker - CNA, MCP |
| dustin at dustindecker.com o-------------------------------------o
| Network Engineer | "Evil is that which one believes of |
| Preferred Physicians Group | others. It is a sin to believe |
o-------------------------------| evil of others, but it is seldom |
| a mistake." |
| -- H.L. Mencken |
o-------------------------------------o
More information about the Kclug
mailing list