Help Examining JForum Security Issues Needed

 
Ranch Hand
Posts: 17424
Hi all! I'm in the process of evaluating JForum for security issues. The goal is to find any outstanding security defects and submit patches back to the JForum team. My motivation for finding these issues is so my project at http://opensource.fortifysoftware.com can use JForum as the backend forums without having to worry about additional attacks (since it's a security-focused project, all of the software running the site is under additional scrutiny).

It is much easier to perform this type of security review with help from the developers. If you know the JForum code base, please go to: http://opensource.fortifysoftware.com and register to help! We've already found a few issues that have given us some concern. It'd be great to get a second opinion.


For background information, the project is the Java Open Review project. The project is reviewing open source components for potential software security issues and code quality issues. If you're not interested in helping JForum, there might be other projects that you can help with, or you can submit your own.

PM me if you have any additional questions.
[originally posted on jforum.net by openreview]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
I would not use it in any situation where security may be a concern until this issue is resolved somehow: http://www.jforum.net/jira/browse/JF-647

There is no means for disabling accounts in the system.

[originally posted on jforum.net by CaliforniaCCW]
 