Hey all,
1. I would like to know, is it OK to perform version upgrade while there are users online on my website.
2. This software is open-source. Are there any known security issues that can damage my website by hackers and malefactors that are familiar with the source-code?
3. Where I can find the hash-function that hashes user passwords before writing them to the DB.
Thank you all in advance! :)
We build. You grow.
Get best community software hereStart a social network, a fan-site, an education project with oxwall - free opensource community software
Upgrade and Security | Forum
Team Alia
Apr 16 '13
1. When you update the software, script automatically puts your site to maintenance mode.
2. Number of users reported spammer registration. To avoid this make sure to have anti-spam plugin, a couple of requiredquestions on registration page, enable verification feature, and if you would like to enable mandatory user approve as well.
3. check user_service.php, lines 808-810:
public function hashPassword( $password )
{
return hash('sha256', OW_PASSWORD_SALT . $password);
}
2. Number of users reported spammer registration. To avoid this make sure to have anti-spam plugin, a couple of requiredquestions on registration page, enable verification feature, and if you would like to enable mandatory user approve as well.
3. check user_service.php, lines 808-810:
public function hashPassword( $password )
{
return hash('sha256', OW_PASSWORD_SALT . $password);
}
