Support Offline: Mon - Fri / 08:00am - 05:00pm (GMT +7)
Your Time: Our Time:

exclamation-circle JUX Portfolio - working - big security risk!

More
8 years 8 months ago #11640 by Wim
Hi,

The last 2 days I've been working on JUX Portfolio problems.

It took a lot of time to get it work but.....

You need to give permission to files and folders (including PHP files!!!) "/modules/mod_jux_portfolio/elements/"

I use Admin Tools (Akeeba) and a .htaccess for security reasons. This is what Akeeba told me about this installation:

Hi Wim,
the solution you found is the correct one.
Regarding security, I can only say that in this way you won't be protected by Admin Tools. If there's a security issue in such file, Admin Tools won't be there to mitigate any threats.
You should contact the developer of such extension and tell him to follow Joomla guidelines, since every request should be addressed vs Joomla main file, the index.php one.

So please make a critical update for this extension asap!!!

We all payed for this extension, so we want a safe one.

Tx
Wim

Please Log in or Create an account to join the conversation.

More
8 years 8 months ago #11658 by NT
Hi Wim,
The files in folder "modules/mod_jux_portfolio/elements/" are our extensions. We create these files to help users easier to follow our items. For example, the folder juximagefolder.php has only purpose helping users to choose images from our module.So users don't need to access media in Joomla to choose images. Because the file is ended with PHP and is created as bonus, Admin tools will inform it is dangerous when checking.
We totally take responsibility for the safeness of these files.
Thanks!

****************
Best Regards
__DiepNT__

Please Log in or Create an account to join the conversation.

Time to create page: 0.068 seconds
Powered by Kunena Forum