News Feed
Jobs Feed
Sections




News Archive
Looking for more information on how to do PHP the right way? Check out PHP: The Right Way

Brian Teeman's Blog:
Can you trust your Joomla extensions?
November 05, 2009 @ 11:01:57

In a recent post to his blog Brian Teeman asks the question of Joomla users and developers - "can you trust your Joomla extensions?"

Sadly in the last 6 months there have been two published circumstances where an extension provider has been hacked and malicious code inserted into the extensions that they offer. This meant that as soon as you installed the extension your site was vulnerable to defacement etc. If there have been two published cases perhaps there have been more that we don't know about. So is there anything we can do to prevent this?

There is a sort of checking system in place with the md5sum matching but it's not widely supported currently. Sites like the Joomla Extension Directory would be prime candidates for sharing this sort of information to help protect those with Joomla installs all across the web.

Brian also suggests a way to make it even more seamless - integrate the md5sum checking into the Joomla code itself to make it even simpler for users to verify they they've gotten the write package from the right source (with the right code inside).

0 comments voice your opinion now!
joomla extension trust md5sum check


blog comments powered by Disqus

Similar Posts

PHPied.com: SAP container for PEAR::Auth

Vanessa Vasile's Blog:Using PHP to Extract Image Exif Data

Rob Allen: Setting up PHP & MySQL on OS X Mavericks

Greg Beaver's Blog: pecl/docblock version 0.2.0 released

PHP.net: Update to PHP 5.2.6 Release (XSL & IMAP)


Community Events











Don't see your event here?
Let us know!


hack hhvm facebook language performance application security project composer introduction example framework podcast database release install unittest component symfony2 package

All content copyright, 2014 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework