How to prevent Oxwall Powered Sites from hacking? | Forum

Frank Z May 17 '15
As a newbie to server security, I would like to ask: besides keeping your server information secret (of course), what else can we do, or what else do Oxwall developers suggest, for Oxwall-based sites' security?


I think this is a good question for both site owners who have a large number of users and beginners with Oxwall.


Thanks :)

Taissa Team
Taissa May 21 '15
Frank Zhang, if we are talking about the Oxwall software security then I can say that our passwords are hashed using SALT. It represents the SHA-256 hash of the static OF STATIC SALT pepper concatenated with the user's password. That means that there is no way to decrypt something that has been encrypted with it.
To prevent SQL injection, all user input is validated using special functionality on a mandatory basis.

If you want more security on your website you may use an SSL certificate, but you will need to do it on your own.
Also, for greater security, I advise you to periodically change your FTP and cPanel admin passwords.
yaser alimardany Oct 26 '15
Hi,

I want to know about the Oxwall input validator for preventing SQL injection. Which function do you use in your code?

Taissa Team
Taissa Nov 2 '15
Yaser, we use PDO positional placeholders to secure all SQL query parameters. You can find an example in this function:
public function updateStatusByBundle( $pluginKey, $bundle, $status )
   {
       $query = "UPDATE `" . $this->getTableName() . "` SET `" . self::STATUS . "` = :status WHERE `".self::PLUGIN_KEY."` = :pk AND `" . self::BUNDLE . "` = :bundle";
       $this->dbo->query($query, array('status' => $status, 'bundle' => $bundle, 'pk' => $pluginKey));
   }
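
An added example (not Oxwall's code and not part of the post above): the same bound-parameter pattern run through plain PDO against an in-memory SQLite database, beside a string-concatenated version of the query, to show how a value containing a quote is handled in each. The table, columns, rows and function names are constructed for illustration, and the pdo_sqlite extension is assumed.

```php
<?php
declare(strict_types=1);
// Added example. Table, columns and rows are constructed for illustration;
// assumes the pdo_sqlite extension is available.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE item (plugin_key TEXT, bundle TEXT, status TEXT)');
    $db->exec("INSERT INTO item VALUES ('photo', 'b1', 'active'), ('forum', 'b2', 'active')");
    return $db;
}

// Concatenated query: each value becomes part of the SQL text itself,
// so a quote inside a value can change the structure of the statement.
function updateConcatenated(PDO $db, string $pluginKey, string $bundle, string $status): int
{
    $sql = "UPDATE item SET status = '$status' "
         . "WHERE plugin_key = '$pluginKey' AND bundle = '$bundle'";
    return $db->exec($sql);
}

// Bound parameters: the SQL text is fixed and the values are sent separately,
// so they are only ever compared as data.
function updateBound(PDO $db, string $pluginKey, string $bundle, string $status): int
{
    $stmt = $db->prepare(
        'UPDATE item SET status = :status WHERE plugin_key = :pk AND bundle = :bundle'
    );
    $stmt->execute(['status' => $status, 'pk' => $pluginKey, 'bundle' => $bundle]);
    return $stmt->rowCount();
}

// Constructed input: no row has this bundle, but it carries a quote
// followed by a condition that is always true.
$bundle = "nope' OR '1'='1";

// A fresh database for each variant so the results are independent.
$rowsConcat = updateConcatenated(makeDb(), 'photo', $bundle, 'disabled');
$rowsBound  = updateBound(makeDb(), 'photo', $bundle, 'disabled');

echo "concatenated query changed $rowsConcat row(s)\n";
echo "bound query changed $rowsBound row(s)\n";
```

Placeholders bind values only. Table and column names, like the ones assembled from getTableName() and the class constants in the function above, cannot be bound and have to come from fixed code rather than from request data.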
tammy harris Nov 2 '15
One huge problem is Oxwall does not work with mod security.
ross Team
ross Nov 4 '15
Yes, this is our hosting server requirement: http://www.oxwall.org/hosting
Michele Nov 6 '15
"That means that there is no way to decrypt something that has been encrypted with it."

Sorry, I understand this very little... does this mean it doesn't matter if they have letter/# combos or an uppercase/lowercase password... that the security is "so good" that even if it's a 4-letter password, robots won't be able to guess?
ross Team
ross Nov 8 '15
If you want your account to be safe, why would you set a 4-letter password for your account?
OW-Ghost Apr 18 '16

Quote from Tammy: one huge problem is oxwall does not work with mod security
I agree, a huge problem for sorting out invalid submissions that can take total control of your website.
yaser alimardany May 7 '16
I wrote a plugin for preventing CSRF attacks. Our portal will be running 1 month from now. You can use our plugin to prevent specific attacks like CSRF.

Also, I wrote a plugin for managing the privacy of a user's posts per post.
OW-Ghost May 7 '16

Quote from yaser alimardany: I wrote an plugin for preventing CSRF attack. Our portal will be run 1 month later. You can use our plugin to prevent specific attacks like CSRF.

Also I wrote a plugin for managing privacy of posts of user per post.
Can you sell those 2 plugins at the Oxwall store?
dave Leader
dave May 7 '16
Yes, it must be through the store. Never buy anything unless it's through the store; that's one way you can get hacked.