Joomla 3.5 Released

A little over a week ago, the Joomla! Project announced the release of Joomla 3.5.  The major advantage is that the widely used CMS now has PHP7 support, allowing webmasters to upgrade their server installations and take advantage of the performance improvements that PHP7 brings.

The new version comes with an e-mail update plugin to allow site admins to know when there are patches and bug fixes; hopefully they will then patch their sites to the benefit of everyone.

A rundown of the listed major changes:

Continue reading “Joomla 3.5 Released”

NEVER trust user input

I’ve had the joys recently of being part of a code audit for a potential client for a change or re-build of a system.  The code in itself was complete textbook…of how not to code a system.  It looked like it had been built long long ago when OO principles didn’t exist, and when no-one knew about security unless they were in that field.  Certainly developers knew nothing about security.

Continue reading “NEVER trust user input”

Drupal 8.0.5 Released

Open source and widely popular CMS Drupal released a maintenance fix to their 8.x branch a little under a week ago.  This release fixes some bugs in the branch, but there are no security fixes as part of it.  The list of changes is available here.  The change log also lists April 20th as the release date for Drupal 8.1.0, which should have further fixes and new features.

For those people running a CMS site, keeping up to date with the security and bug fix patches is good practice, and therefore you should look to update as soon as possible.

Perils of a shared hosting platform

Once again I’ve been inspired by a Stack Overflow question, and it made me think about issues of a shared hosting platform.  You know the ones; the “host your site for £2.99 a month” sites.  There’s nothing inherently wrong with it (I was using them for a long time until I decided I wanted my own server to play with, and am still using one for a different project for the moment), but it brings its own risks.  Some of those risks are to do with the infrastructure, others are with the people who are hosted on it.

Continue reading “Perils of a shared hosting platform”

Developers still lack security know-how

Earlier this week I was looking into RESTful web services and how to create them, so I set myself a small project.  The idea was to do something very basic, but that could be useful for someone rather than just a proof of concept.  I had no real direction.  With the news recently being about Apple locked in a battle with the FBI about whether or not they should be breaking their security for the FBI to access data on a particular iPhone, I started thinking about how much bad security I have seen in software applications over the years.  From this, I decided to build a web service which would take a hash string, and provide the original string for that hash where possible.

Continue reading “Developers still lack security know-how”