News

Hi -

I own Jiggin.net and am having some problems. First of all, if you go to www.Jiggin.net you will find a major database error...that is a big ordeal. Second..I want to upgrade to the newest release but am told from the guy I bought the site from that jiggin.net is using like a pre-1.2 maybe 1.1??? beta. Anyway, how do I make this upgrade? I am moving the site to a new host in the next couple days...it would be a great time to make upgrade. Would I loose all users in database or any other info in database?

I NEED HELP!

Thanks all!

matt

Attention all Geeklog 1.3 Admins

I hope you programmers out there never have to do what I'm about to do. A security hole has been brought to my attention and all Geeklog 1.3 admins will need to apply this fix. Luckily a 'good guy' found this before it became is big issue.

During all the session management changes from a while back I neglected to add back the MD5 hash of the users password to a cookie and check that. As a result, it is possible to have your Geeklog 1.3 system compromised by simply editing the cookie and changing the user ID to that of a Geeklog admin. This hole is about as critical as a hole can get. If you are running Geeklog 1.3 you will need to go to CVS and download the latest copies of system/lib-sessions.php and public_html/users.php.

I am playing with LDAP for some IMAP stuff I am doing at work. Eventually I will need to have Geeklog and my IMAP server work together so that account creation, password updates and authentication work seemlessly between the two.

For that it seems that using LDAP makes the most sense. Aside from that it would take Geeklog a long way from being a toy for Geeks to a realistic intranet solution for businesses and organizations that already use LDAP.

On the other hand adding LDAP support could break the KISS principle (Keep-it-Simple-Stupid). What are the pros and cons to adding the LDAP authentication to Geeklog? Would you use it or would it be just a waste of time?