rejetto forum

Software => HFS ~ HTTP File Server => Topic started by: rejetto on September 14, 2014, 05:25:49 PM

Title: Improving security
Post by: rejetto on September 14, 2014, 05:25:49 PM
Hello guys, i want to say THANKS to Daniele Linguaglossa aka xpl01t for the HUGE work he is doing on checking every security aspect of the software and communicating with me to get rid of the flaws.
He already found some major problems and many other risks. We are taking care of everything within my limited resources of time.
I owe him several beers.
Title: Re: Improving security
Post by: rejetto on September 14, 2014, 05:26:38 PM
and we are not done yet, expect at least another security update
Title: Re: Improving security
Post by: xpl01t on September 14, 2014, 05:29:10 PM
I'm pleased to work with you regarding fixing these security flaws and help hfs project to become a better tool, definitely risks-free  ;D
Title: Re: Improving security
Post by: LeoNeeson on September 16, 2014, 06:21:52 PM
As I've said in another post, I must say thank you, to both of you: Rejetto and Daniele Linguaglossa, for making this release. I'm very happy that Daniele finally did help Rejetto to fix this security issue. :)


PS: I owe an apology to you, Daniele. Because at first I thought that you were a 14-years-old hacker kid, who was bragging about it. I was wrong, and I give you my apology. Greetings! :D
Title: Re: Improving security
Post by: bmartino1 on September 18, 2014, 03:09:02 AM
i to want to show my appreciation to both the creator of hfs (Rejetto) and Daniele... aswell...

If i have offend you i apologize. keep up the good work and i look forward to seeing the new HFS releases.
....

I think 2.3 is still in beta??? so hfs 2.4? lolz :)
still wonder if the rarw live templates will still be available and / or the random rarw/temple macros found in the form don't kill the work ie admin .tpl...

I appreciate your work on this,
Bmartino1
Title: Re: Improving security
Post by: raybob on September 18, 2014, 08:07:27 PM
On a scale from 1 to 10 how applicable are these security concerns to FHFS then if they were on the client side?

Rejetto, maybe you can email me info on the hacks and I'll see if they need to be fixed in FHFS.

Maybe Daniele would be willing to review the security of FHFS even? :D

~ Ray
Title: Re: Improving security
Post by: rejetto on September 20, 2014, 10:55:17 AM
you'd better make a diff between 2.3a and 2.3c, and see whatever applies to your project.
The flaws are critical.
Title: Re: Improving security
Post by: DSGJ on October 12, 2014, 11:37:18 PM
Thank You Again rejetto for releasing the security updates, I use HFS as a personal and limited access to a few friends as a web based cloud server so keeping things secure is really important. :)
So
Thank You, Thank You, Thank You Again! :D