Welcome,
Guest
.
Please
login
or
register
.
Did you miss your
activation email
?
News:
Elxis documentation
for users and developers.
Home
Help
Login
Register
Elxis CMS Forum
»
Support
»
Security
»
Security issue
« previous
next »
Print
Pages: [
1
]
Author
Topic: Security issue (Read 7219 times)
Amigamerlin
Sr. Member
Posts: 358
Security issue
«
on:
May 25, 2007, 14:11:12 »
Hi guys,
before all thanks for this wondperfull product.
I'm preparing a website using ELXIS and submitting my site for know the level of security using Acunetix free service. I've got only one medium error related to "PHPSESSID session fixation" and a lot of other low level vulnerability.
This is the complete report:
PHPSESSID session fixation Medium 1
Application error message Low 21
Possible sensitive directories Low 9
TRACE Method Enabled Low 1
User credentials are sent in clear text Low 16
Email address found Informational 2
Password type input with autocomplete enabled Informational 19
I really would like to know what mean the "PHPSESSID session fixation" Medium vulnerability and if someone can explain me it better.
Thanks a lot for your help and answers.
Bye
Logged
datahell
Elxis Team
Hero Member
Posts: 10356
Re: Security issue
«
Reply #1 on:
May 25, 2007, 17:50:00 »
It is almost imposibble for someone to hijack your session. Off course it is also a server/PHP settings issue, not just Elxis. Some servers add the PHPSESSID in the url, I think this is when you have open_basedir restriction in PHP. To hijack your session someone must first know your session. It is very-very-very-very-very difficult for this to be done.
Read this about session fixation:
http://phpsec.org/projects/guide/4.html
All other alerts are nothing to worry about.
Logged
Elxis Team
|
Is Open Source
|
IOS Rentals | IOS AERO
Print
Pages: [
1
]
« previous
next »
Elxis CMS Forum
»
Support
»
Security
»
Security issue