|
Saturday, 27 May 2006 12:05 |
|
| |
 | I've getting now many emails and bugs reports about security images
3.0.4. After looking closely at the source code and trying to reproduce
those problems, I finally found the bug.
In fact this component is
now a victim of its success, using it everywhere has also revealed a
serious design flaw, but let me explain....
Security Images is using 2 hidden fields in the background:
- Security_try which contains the text entered by the user
- Security_refid,
which contains a UUID which will be use or not (depending on the
Plugin) to locate the private key in the database or session.
And these hidden fields names are spread in the code... this let the horror scenario happen:
If
you have many securityimages (captcha images) generated in the same
page: login module may have one, Guestbook may have one for example,
the code wont work!
The browser will submit all Hidden fields which
are in the form, and thus the first input text box (Security_try) may
overwrite what the user has entered in another one...rejecting always
the user as a result. |
Solutions
- Prio 1: framework has to be configurable from the outside,
- Prio 1: Free porn attack counter measures will be add to HNCapctha Plugin
Release
3.0.5 (Patch)
- Free porn attack counter measures will be add to HNCapctha Plugin.
4.0.0 will have non compatible API changes
You will have to change some 3rd party components, but I will support following 3rd party components:
- com_contact (Joomla core)
- com_login (Joomla core)
- com_registration (Joomla core)
- akobookPlus
- akoCommenPlus
Other like Community Builder, Galleries, JoomlaBoard
will have to be supported by their own authors. Please contact them
about that issue, I will document how to use the 4.0 in my wiki.
Other new functionnalities will be add to the 4.0 releases soon. (You can submit your ideas here)
Since it is raining over there :-( , it is realistic to see the version 4.0.0 before monday 29.05.2006
AkobookPlus new languages files:
Related Posts
-
Just in case I take too much time to deliver a ready to use download, duration 5 minutes, but you need to understand basic php coding Create a temporary directory c:\patch Copy an existing patch distribution, under a new name For example, lets download Joomla_1.5.13-Stable-Full_PackageForSecurityImages5.1.x_v01.01.00.zip into c:\patch\
395 days ago
-
Only for SecurityImages 5.1.x and Joomla! 1.5.13 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.13 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture
405 days ago
-
Only for SecurityImages 5.1.x and Joomla! 1.5.12 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.12 only and SecurityImages 5.1.x or later 14 files has been altered, mostly views, and com_contact/com_user controller, click on picture
427 days ago
-
This version should improve installations on some host, where the plugin securityimages.php did not always install properly. The reason behind is that I did add falsely an additional file index.html in plugin.zip. This may lead to permissions issues during installation. SecurityImages 5.1.2 do not contains any other changes, so If you’re happil
427 days ago
-
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.11 Since Joomla 1.5.11 is released...Here are the new patches for SecurityImages 5.1.1 AND Joomla! 1.5.11 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for J
458 days ago
-
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.10 Since Joomla 1.5.10 is released...Here are the new patches for SecurityImages 5.1.1 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.10 only
525 days ago
-
Following the Preview of SecurityImages 5.2.0, I am currently developing a proof of concept using the Ajax library JQUERY jQuery is a fast and concise JavaScript Library that simplifies HTML document traversing, event handling, animating, and Ajax interactions for rapid web development. jQuery is designed to change the way that you write Jav
571 days ago
-
Some people have reported issue in the forum I've found the error in my code in some views but not all: img src="/<?php echo JURI :: root() ?>/index.php? as a result, there is in image URL a double / which cause issues on some web host (no image displayed) I now provide a new patches versions for Joomla! 1.5.8 and 1.5.9 that
593 days ago
-
The Joomla! community is pleased to announce the immediate availability of Joomla! 1.5.9 Since Joomla 1.5.9 is released...Here are the new patches for SecurityImages 5.1.0 Allow login views, login modules, register, lost password, lost user account and contact section to be protected by SecurityImages Are for Joomla! 1.5.9 only
600 days ago
-
An insight at securityimages 5.2.0 still in development, as usual, all comments are welcome either in this post or in my forum NEW: fonts are now auto detected, and a better widget is now available for selecting them, sorry still no font preview in php ;-) You can install your own true type fonts at /administrator/components/com_securityimages
641 days ago
relatedArticles
|
|
Last Updated on Sunday, 28 May 2006 11:02 |
|
Tags
Module Jetbrains Teamcity for Joomla!