Open Source CMS in PHP with Security facts!

Asked
Active 3 hr before
Viewed 126 times

2 Answers


Out of the three, Joomla is the only CMS that leverages PHP's native password hashing features. This means that cracking the passwords stored in a modern Joomla app is nontrivial, should one ever be compromised.

WordPress is the only one of the big three content management systems that offers automatic updates, but it does so insecurely.

One reason for this deviation from Phpass was to gracefully handle corner cases where someone downgrades to a version of PHP too old to support bcrypt without losing the ability to verify existing password hashes.

Additionally, Joomla now provides two-factor authentication out-of-the-box, which helps mitigate the consequences of weak user passwords.

Consequently, HashPassword can be greatly simplified to the following snippet:

function HashPassword($password) {
   /* Method of Phpass's PasswordHash class (hence $this) */
   if (strlen($password) > 4096) {
      /* refuse very long input instead of spending CPU hashing it */
      return '*';
   }
   /* these steps are skipped */
   $random = $this->get_random_bytes(6);
   $hash =
      $this->crypt_private($password,
         $this->gensalt_private($random));
   /* a valid portable ($P$) hash is exactly 34 characters; anything else is a failure */
   if (strlen($hash) == 34)
      return $hash;
   return '*';
}
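The answer above credits Joomla with using PHP's native password API and mentions the corner case of keeping old hashes verifiable. The snippet below is an added example, not code from the answer, from WordPress, or from Joomla: it shows what that API looks like in a CMS-style register/login flow, including transparent rehashing of legacy or under-cost hashes at login time. The function names, the in-memory `$users` array and the sample credentials are assumptions made for the example.

```php
<?php
// Added example (not the original answer's code nor any CMS's own code):
// password storage with PHP's native password API.

// Hypothetical user store: username => stored hash (constructed sample data).
$users = [];

// Target algorithm and cost for new hashes. PASSWORD_DEFAULT is bcrypt on
// current PHP releases; raise the cost as hardware gets faster.
const HASH_ALGO = PASSWORD_DEFAULT;
const HASH_OPTS = ['cost' => 12];

function registerUser(array &$users, string $name, string $password): void
{
    // Same idea as the 4096-byte cap in the WordPress snippet above: refuse
    // absurdly long input before hashing so a client cannot make the server
    // burn CPU on megabytes of "password". (bcrypt only looks at 72 bytes anyway.)
    if (strlen($password) > 4096) {
        throw new InvalidArgumentException('password too long');
    }
    // password_hash() generates a random salt and encodes algorithm, cost,
    // salt and digest in one self-describing string.
    $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTS);
}

function loginUser(array &$users, string $name, string $password): bool
{
    if (!isset($users[$name])) {
        // Verify against a dummy hash so an unknown username costs roughly
        // the same time as a wrong password (no username-enumeration timing leak).
        static $dummy = null;
        $dummy = $dummy ?? password_hash('dummy', HASH_ALGO, HASH_OPTS);
        password_verify($password, $dummy);
        return false;
    }

    $stored = $users[$name];
    // password_verify() reads the algorithm and parameters out of the stored
    // string, so hashes made under older settings still verify.
    if (!password_verify($password, $stored)) {
        return false;
    }

    // The plaintext is available only now, at a successful login: if the stored
    // hash uses an older algorithm or a lower cost than we currently want,
    // replace it. This is how a CMS migrates legacy hashes without a forced reset.
    if (password_needs_rehash($stored, HASH_ALGO, HASH_OPTS)) {
        $users[$name] = password_hash($password, HASH_ALGO, HASH_OPTS);
    }
    return true;
}

// Constructed usage.
registerUser($users, 'alice', 'correct horse battery staple');
var_dump(loginUser($users, 'alice', 'correct horse battery staple'));
var_dump(loginUser($users, 'alice', 'wrong password'));
var_dump(loginUser($users, 'nobody', 'anything'));
```

Note that `password_needs_rehash()` is what makes a cost increase (or a future algorithm change) a one-line configuration change rather than a migration project: every user is upgraded the next time they log in, and hashes that never get upgraded belong to accounts that never log in.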

But the main concern is that there is no one to take the responsibility of finding and patching the CMS security vulnerabilities on time. Because it's free and no one takes accountability for dealing with security issues, the final product often has critical security vulnerabilities. Some of these security vulnerabilities are found by either security researchers or attackers.

Upon a successful SQL injection, an attacker can possibly obtain access or is able to create a new privileged user account, which can then be used to log in and get full access to your website.

Scan your CMS website regularly using an automated penetration testing tool like Beagle Security to make sure that there are no vulnerabilities.

On the other hand, instead of accessing a file on the local web server, if the attacker is able to execute code hosted on their own machine, it is known as RFI.

       "index of"
       inurl: wp - content / "