On Friday 16 January 2004 10:49 am, Dominic Stratten wrote:
> > The website url is http://www.partsfortrade.com

Powered by phpBB 2.0.6 © 2001, 2002 phpBB Group

2.0.6 has some serious cross-site scripting security holes. Make sure you're up to 2.0.6C, and there was a PHP announcement that they released some patches for PHP also that affected phpBB and a number of other "portal" type software packages.

Hopefully you've patched for all of these. phpBB and a number of the popular PHP-based portals/groupware engines are prone to having about one major security patch a month (source: SANS security announcement mailing lists), which is too high for my tastes to run them on a high-profile public site. If you do, I feel you have to be "more vigilant" than you would with some other options.

-- 
Nate Duehr, nate@natetech.com