[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-users] Security provisions of CK-ERP

From: C K Wu
Subject: [Phpgroupware-users] Security provisions of CK-ERP
Date: Fri, 21 Jan 2005 12:48:54 +0800
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041020

Hello, folks,

I noticed the Jan 14 irclog of #phpgroupware carried a query on the security of CK-ERP.

Perhaps, to clarify the situation, here is a brief list of the various security provisions built into CK-ERP.

1.  Full support of registered_globals = off
2.  Concurrent edit/delete safe
3.  Special transaction filtering mechanism to minimize SQL injection
4. All _GET and _POST vars are strip_tag'ed before being used (to avoid cross-site scripting)
5.  All scrpts are md5 checksum verified before execution
6.  Full transaction post-insert, post-edit, pre-delete image logging

However, internet is inherently a hostile place. If, CK-ERP, as a web application, is placed on the web for access by users anytime, anyplace, then, VPN or some encrypted tunnelling access is advised.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]