ClipShare Pro 2.6 Released (Security / Bug Fix Release)

[test]

Quote:

Originally Posted by Guthix2007

hey guys can you tell me if this version's CSS layout will be compatible with 3.0 when it comes out as i'm gonna buy 2.6 today mainly because the new CSS skins look nice and i can easily change to a different shade of blue e.t.c

thanks

Probably won't know until it comes out.

[Guthix2007]

ahh ok then, but do you think its easy to change a few images on the skin such as where it says "clip share pro" i want to insert our own custom made image there and change the sky blue to a different shade.

I've already contacted my guy on guru for the modifications, mind you its CSS so it should be easy...............i hope

[test]

There is a video in the index page that isn't playing anything. It seems to be trying to load and undefined file.

[Aryos]

Quote:

Wow...

It will be a long diff!

If anyone need help with the upgrade, pm me.

Regards,

Guzmán

I'm afraid the .diff file is more than 3000 (3 thousand) lines long. And you can't use a program to automatically apply the .diff file, because, asking for a .diff file, in the first place, means you have MODs installed, so it will not work. Using the already patched files and re-applying your MODs, will require far less work than applying the changes, manually, to your MODed files.

Now, about this release:
We do not claim this is a 100% secure (aka "hacker-proof") release. For 2 reasons mainly:
- There is no such thing as "100% secure".
- There are probably more issues (security-wise) still left in the code of 2.6, that will have to be patched.

The code will be revised again and again, to find even more security issues (if they exist) and to patch some more bugs that probably still exist in the 2.6 code. This will be for users that will not be willing to upgrade to 3.0, so that they can have a 99,9% secure and stable 2.x version.
However, we are focused in the release of 3.0, this period, so these, new 2.x patches are not the first priority in the schedule.

[theGrindLab]

If 3.0 looks/works this well PLUS has even better security then Clip-share just kept my business. Heck, I might not sell one of my licenses and I might get a THIRD license if the price is right.

[Aryos]

ClipShare 3.0.1 is 100% patched for security, in all possible places (I mean, I have even patched the external libraries, such as Ajax and AdodBLite), worked line-by-line, in all files.
I also added some more layers of security. Examples:
http://www.sane-city.com/include/config.php
http://www.sane-city.com/include/ado.../adodb.inc.php

Again, this does nor guarantee a 100% secure site, however, we did everything humanly possible, with the current knowledge against XSS and sql injection attacks.

[Aryos]

And a last one: more sophisticated approaches could be adopted in the security part, however, these cost in CPU overhead, in EVERY page output, so we did not write an entire class or something, but used the most common techniques available. Future will show how good it is. That Turkish guy is still out there..

[valor]

Quote:

Originally Posted by Aryos

I'm afraid the .diff file is more than 3000 (3 thousand) lines long. And you can't use a program to automatically apply the .diff file, because, asking for a .diff file, in the first place, means you have MODs installed, so it will not work. Using the already patched files and re-applying your MODs, will require far less work than applying the changes, manually, to your MODed files.

Hi!

That was what I was talking about by "long diff", I was referring to anyone with problems diff between his/her modded version and how it was that original version (not 2.6).
Which probably will rquire me or whoever does it, to take that diff (mods applied to the original version) and then, line by line, review & apply where it should the new 2.6 version.

I wasn't thinking in reading 3000 lines of code

By the way regarding security, I saw you recomend an htaccess which disable mod_security to avoid some kind of problems. Have you ever tried having a mod_security which only applies rules to avoid XSS and SQL injection but do not apply rules regarding size or type of content? That could do the trick and provide a high grade extra layer of security.

[Aryos]

Quote:

By the way regarding security, I saw you recomend an htaccess which disable mod_security to avoid some kind of problems. Have you ever tried having a mod_security which only applies rules to avoid XSS and SQL injection but do not apply rules regarding size or type of content? That could do the trick and provide a high grade extra layer of security.

No, but I believe that works good under Apache 2.x and not 1.3.x. Your suggestion is very good, however, most of the clients are in a novice level, regarding security/use of mod_security, so the more instructions provided, the more they would be messed up. Those who know good about mod_security, I'm sure know how to enable these options and handle well the extra security added, to avoid issues.

[bman]

1st i would like you to patch 2.X more because we are using it RIGHT NOW and we cant wait for 3.X to feel safe from hackers

2and please provide the steps to keep mod_security enabled with out effecting clip-share

3rd i would like to ask do i need to replace the template files for 2.5rc1 if i want to upgrade to 2.6 ? or i can still use the same old template files ?