[Phpgroupware-users] Security provisions of CK-ERP

phpgroupware-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Phpgroupware-users] Security provisions of CK-ERP

From:	C K Wu
Subject:	[Phpgroupware-users] Security provisions of CK-ERP
Date:	Fri, 21 Jan 2005 12:48:54 +0800
User-agent:	Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.3) Gecko/20041020

Hello, folks,

I noticed the Jan 14 irclog of #phpgroupware carried a query on thesecurity of CK-ERP.

Perhaps, to clarify the situation, here is a brief list of the varioussecurity provisions built into CK-ERP.


1.  Full support of registered_globals = off
2.  Concurrent edit/delete safe
3.  Special transaction filtering mechanism to minimize SQL injection

4. All _GET and _POST vars are strip_tag'ed before being used (to avoidcross-site scripting)

5.  All scrpts are md5 checksum verified before execution
6.  Full transaction post-insert, post-edit, pre-delete image logging

However, internet is inherently a hostile place. If, CK-ERP, as a webapplication, is placed on the web for access by users anytime, anyplace,then, VPN or some encrypted tunnelling access is advised.


Cheers,
CK

[Prev in Thread]

Current Thread

[Next in Thread]

[Phpgroupware-users] Security provisions of CK-ERP, C K Wu <=
- [Phpgroupware-users] Re: Security provisions of CK-ERP, Dave Hall, 2005/01/21
  - Re: [Phpgroupware-users] Re: Security provisions of CK-ERP, C K Wu, 2005/01/21

Prev by Date: [Phpgroupware-users] Sync4j error
Next by Date: [Phpgroupware-users] Re: Security provisions of CK-ERP
Previous by thread: [Phpgroupware-users] Sync4j error
Next by thread: [Phpgroupware-users] Re: Security provisions of CK-ERP
Index(es):
- Date
- Thread