Dolphin 7 Security Audit

Andrew Boon posted 16th of October 2009 in . 29 comments.

This week current Hookie build has undergone a professional security audit by independent specialist - Frank Ruske.

The audit resulted in a handful of "finds", which we're working on right now. Expect proper changes to be incorporated into the next beta. Hope this won't put off the release date.

 
Comments
·Oldest
·Top
Please login to post a comment.
elcentcom
elcentcom16th of October 2009
 
great news, thanks Andrew. It was a big concern after my experiences with various versions.
PermalinkReplyPlus0 pluses
JLMARTIN16th of October 2009
 
Fantastic news! On a side note, it would be interesting to learn about the security protocols and checks you guys put the software under prior to final release.

Thanks!
PermalinkReplyPlus0 pluses
mickscool
mickscool16th of October 2009
 
Thanks Andrew..it was nice to know about the security audit. It would be nice to get it audited from some other security auditing companies as well and get it certified. We need to make it bullet proof :)
PermalinkReplyPlus0 pluses
Andrew Boon
Andrew Boon16th of October 2009to mickscool
 
Yeah, we might use one more firm, and definitely this guy again a little later.
PermalinkReplyPlus0 pluses
greymatters
greymatters16th of October 2009to mickscool
 
Andrew, glad to hear this from Boonex.

Feeling Peace of Mind.
PermalinkReplyPlus0 pluses
mickscool
mickscool16th of October 2009to mickscool
 
Great to hear that andrew. I will also try to sniff some packets and fire some sql/xss injection scripts and also use the 'burp suite' on my test site over the weekend.
PermalinkReplyPlus0 pluses
Zarcon
Zarcon16th of October 2009
 
Thanks Andrew.. Nice to know we will have security awareness in place.
PermalinkReplyPlus0 pluses
CALTRADE
CALTRADE16th of October 2009
 
Wow is the new site a mess on my computer. Andrew, if you are already talking about the schedule slipping one day after you announced it, why don't you just skip that next "beta" and go directly to the RC? I couldn't see what purpose another beta served anyway. I think you got the memo, but we need the upgrade path - and the sooner the better.
PermalinkReplyPlus0 pluses
CALTRADE
CALTRADE17th of October 2009to CALTRADE
 
Just to clarify, when I said the new site was a mess, I meant Unity - not the beta. Boonex has obviously been doing some upgrades to Unity and the format on this end looked pretty scary when I wrote this.
PermalinkReplyPlus0 pluses
greymatters
greymatters16th of October 2009
 
Want to give you Great Thanks for security checking by an expert. This is a big issue today as Dolphin need write permission for lots of files.

Great Going.
PermalinkReplyPlus0 pluses
shaneed
shaneed17th of October 2009
 
Well, that's good to hear about those finds. But i really really hope there won't be a lot of code change. (praying). Cause...

Even if is beta, i don't expect lots of structure changing, so i'm on my way to live site with it. :)
PermalinkReplyPlus0 pluses
croquette
croquette17th of October 2009
 
I hope that we shall have not need to wait more lontgemp for the dophin 7, because it is already very stable and any autrex updated could be afterward made. Fast fast fast the version RC lol
PermalinkReplyPlus0 pluses
tuba
tuba17th of October 2009
 
GOOD LUCK HERE IS A BUG WITH FACEBOOK CONNECT:
Method(actionLoginFormhttp:) was not found in module(facebook_connect)
PermalinkReplyPlus0 pluses
gameutopia
gameutopia19th of October 2009
 
Nice to see that additional 3rd party checkups for security are part of the development. Hope it doesn't set back d7 stable too much, but nice to see extra steps are being taken and considered this time around. Hope we will still see d7 stable before the end of the year, and d7 beta 8 or RC very soon. Looking forward to it.
PermalinkReplyPlus0 pluses
Dwain19th of October 2009
 
Glad to see the things coming together in a positive manner. Thanks!
PermalinkReplyPlus0 pluses
bigal022820th of October 2009
 
Here is one "security audit" I ran:

Google Index of /templates/tmpl_uni
You will get the following result. I know that the majority of the results will be for 6.1X sites, but there are tens or hundreds of results for 7.X sites as well.

Results 1 - 10 of about 28,000 for index of /templates/tmpl_uni.

Too many dolphin owners stop at the installation process and never do much more than change a banner or two. While Boonex is doing everything they can to make Dolphin a reliable see more and secure product, it's up to the site owner to protect their site as well. You can do the same search for /ray , /inc, and a few more common directories and get about the same results. Try these directory searches on your own sites and see what the results are.
PermalinkReplyPlus0 pluses
peterdaniel
peterdaniel22nd of October 2009
 
Here's one:

If a database error occurs (this is what i got-"#1030 - Got error 28 from storage engine"), then your sensitive info about your hosting account, such as the path to your files, your username and your PASSWORD will appear on the homepage of your website, for everyone to see. This is what it happened to me last night with the beta7. This is not so cool..

Anyways this is a great project!Keep up with the good work!
PermalinkReplyPlus0 pluses
mastermindsro
mastermindsro22nd of October 2009
 
15 October 2009:
"
1. We'll release one more beta shortly.
2. We'll release RC1 by the end of next week.
"
It's that a deadline, a joke or both? I still can't see that beta coming around even this week..
PermalinkReplyPlus0 pluses
JLMARTIN22nd of October 2009to mastermindsro
 
I do not think it is a joke. They intend to follow a release schedule, for sure, but obviously since bug discovery continues and we, users, keep on sending them new requests, well, what do you expect?

I much prefer delays due to security checks, bug fixes and enhancements than a zillion betas and RCs that will result in more work on my own site. It is frustrating, but for them too. If only more software companies had an OPEN forum for their customers to help out tweaking their products....

Anyways, see more let's focus on making the next release the best it can be.
PermalinkReplyPlus0 pluses
mastermindsro
mastermindsro22nd of October 2009to mastermindsro
 
Yeah, yeah the same old words put together to express that "I prefer many betas, is more secure".. I was ONCE like you (6 months ago).
1. A promise must be kept at all means.
2. No one will believe you the second time you promise something.
3. We waited ENOUGH!
PermalinkReplyPlus0 pluses
oldes
oldes23rd of October 2009
 
Thans Andrew, I am glad to see that you are putting more time to security... I am hoping to put see the final 7.0 soon
PermalinkReplyPlus0 pluses
fruske
fruske24th of October 2009
 
hi all. I made the audit,this is my username here. So if you like to get similar services just contact me :)
PermalinkReplyPlus0 pluses
westmerch
westmerch26th of October 2009to fruske
 
Hi fruske!

Can we have some kind of presentation on the audit you had on the script?

Just wondering... thank you! :)
PermalinkReplyPlus0 pluses
westmerch
westmerch26th of October 2009
 
Hi Boonex :)

Any update on the release?

By the way, D7 is awesome, what a work you guys did there, good job to the team!
PermalinkReplyPlus0 pluses
shaunbaird
shaunbaird27th of October 2009
 
I think it's very commendable that this project continues to inspire.
The vision of the founders is immense despite the frustration sof members, IM here all the way and aim to make dolphin a major part of my financial future.
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.06986403465271