Is TinyPortal Secure?

[nipun_jain]

Don't get me wrong, but I am pretty new to TP and have already started loving it, but with all the recent incidents of TP based sites being hacked, one does become uncertain as to whether TP is secure or not. Are there any steps that I can take to make it secure?

Another question is when is the version 0.9.5 going to be released to the public and whether already existing websites will be able to upgrade or not.

[IchBin]

TP 0.9.5 will be released when its ready. It's free software and so there are no release dates set, ever.

As for the secure part I have only seen 1 shoutbox exploit in TP. It's the only security hole that has been found. It has also been patched for quite some time. In fact, the fix for it was ready almost immediately following the exploit. Any problems you see as a result of the shoutbox are because people are not updating their software. As far as I can tell, and I've had a pretty good hand in the TP files checking them out, I think TP is top notch when it comes to its security and features. The only thing you can do to keep TP secure is make sure you stay updated as soon as the updates are out.

[Xarcell]

I agree with Ichbin.

The only hole I've seen was in the shoutbox which was addressed immediately with a patch then a fix. Most people are still being hacked because they have not updated their software, myself include . In my opinion, it isn't even a real hack. I haven't updated my site because the hack is so easily fixed.

TP is about as secure as SMF. Since TP is powered by the SMF engine.

-X

[Xarcell]

.9.5 isn't out to the public, but will be.

We are still bug squashing, and to me, most of the real issues are from upgrading. Version .9.5 is very different from .8.6. Most of the problems we are fixing are typos and simple mistakes.

The fourth version of .9.5 wa sreleased to alpha, and yet again there were some simple errors. They just keep coming from no where. No problems on fresh install though. That's just my opinion though.

[nipun_jain]

Thanks for the replies guys but I am sure you must have noticed people saying the despite of their patching the shoubox exploit patch, they still got hacked. (http://www.tinyportal.net/smf/index.php?topic=6214.0)
So it it their server or the TP script? Anyways, I have disabled shoutbox as a precaution anyway.

[G6Cad]

Thats not exactly true, they think they have the latest updates (been two) but they actually didnt have the hack updates.

[nipun_jain]

Lemme get this straight. The tp package available for download (rev2 one) is already updated, right? There is no need to apply any updates to it, like the one that says tp_update_rev2.

[gerrymo]

If you download from here now, the patches will be added.

[nipun_jain]

I downloaded about a week back so I guess that my download was updated.

One suggestion though, you guys should use a minor version upgrade like
tp without shoutbox hack patch --> 0.8.6
tp with shoutbox hack patch --> 0.8.6.1

[G6Cad]

No need, the next version out any day now have all the security patches builded in.