You are missing our premiere tool bar navigation system! Register and use it for FREE!

NukeCops  
•  Home •  Downloads •  Gallery •  Your Account •  Forums • 
Readme First
- Readme First! -

Read and follow the rules, otherwise your posts will be closed
Modules
· Home
· FAQ
· Buy a Theme
· Advertising
· AvantGo
· Bookmarks
· Columbia
· Community
· Donations
· Downloads
· Feedback
· Forums
· PHP-Nuke HOWTO
· Private Messages
· Search
· Statistics
· Stories Archive
· Submit News
· Surveys
· Theme Gallery
· Top
· Topics
· Your Account
Who's Online
There are currently, 542 guest(s) and 0 member(s) that are online.

You are Anonymous user. You can register for free by clicking here
Security: PHP-Nuke 7.1 with SHA1 password hashes now available
Securitymaciekp writes "Mil-Sim.net has released a patch for PHP-Nuke version 7.1 allowing the use of secure SHA1 or MD5 password hashes. Using 160bit SHA1 hashes makes your user/admin passwords much harder to crack (compared to standard MD5), even if the attacker manages to access your database, e.g. through a SQL injection exploit. The hash type by default is set to SHA1 and can be easily changed in 'config.php'. No additional PHP extensions or external programs are required.

Applying the patch
  1. Download PHP-Nuke 7.1.MilSim1 patch from Mil-Sim.net downloads section
  2. Uncompress the official PHP-Nuke 7.1 archive to a new directory 'PHP-Nuke-7.1'
  3. Uncompress the patch file to 'PHP-Nuke-7.1' directory
  4. Change the current working directory to 'PHP-Nuke-7.1' and type:

    patch -p1
Installation procedure is essentially the same as with standard PHP-Nuke 7.1. Make sure to choose your unique site key and preferred digest method in 'config.php' file.

Please note this version has not yet been extensively tested and you should not use it in a production environment without further testing. A new version including Chatserv's fixes will be released at a later time.

Changes
  • Added 'includes/class.sha.php' class
  • Added Digest class to 'mainfile.php'
  • Added $digesttype configuration variable in 'config.php'
  • Changed 'minpass' value in 'nuke.sql' to 8
For the full list of changes refer to the PHP-Nuke-7.1.M1-patch file.

About Mil-Sim.net

Military Research and Simulations Initiative (Mil-Sim.net) is an organisation specialising in information systems security, and military and strategic studies. Our activites include software development, consulting, and research on weapons systems and orders of battle.

Please visit the Mil-Sim.net home page for more information. "
Posted on Sunday, February 29 @ 19:28:32 CET by disgruntledtech
 
Related Links
· Computer Cops
· More about Security
· News by disgruntledtech


Most read story about Security:
PHP-Nuke admin.php security hole - PATCHED

Article Rating
Average Score: 5
Votes: 1


Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad


Options

 Printer Friendly Page  Printer Friendly Page

 Send to a Friend  Send to a Friend

Associated Topics

PHP-NukeSecurity

Threshold
The comments are owned by the poster. We aren't responsible for their content.

No Comments Allowed for Anonymous, please register
Powered by TOGETHER TEAM srl ITALY http://www.togetherteam.it - DONDELEO E-COMMERCE http://www.DonDeLeo.com - TUTTISU E-COMMERCE http://www.tuttisu.it
Web site engine's code is Copyright © 2002 by PHP-Nuke. All Rights Reserved. PHP-Nuke is Free Software released under the GNU/GPL license.
Page Generation: 0.274 Seconds - 206 pages served in past 5 minutes. Nuke Cops Founded by Paul Laudanski (Zhen-Xjell)
:: FI Theme :: PHP-Nuke theme by coldblooded (www.nukemods.com) ::