Dolphin 7 Security Audit

great news, thanks Andrew. It was a big concern after my experiences with various versions.

Fantastic news! On a side note, it would be interesting to learn about the security protocols and checks you guys put the software under prior to final release.

Thanks!

Thanks Andrew..it was nice to know about the security audit. It would be nice to get it audited from some other security auditing companies as well and get it certified. We need to make it bullet proof :)

Thanks Andrew.. Nice to know we will have security awareness in place.

Wow is the new site a mess on my computer. Andrew, if you are already talking about the schedule slipping one day after you announced it, why don't you just skip that next "beta" and go directly to the RC? I couldn't see what purpose another beta served anyway. I think you got the memo, but we need the upgrade path - and the sooner the better.

Want to give you Great Thanks for security checking by an expert. This is a big issue today as Dolphin need write permission for lots of files.

Great Going.

thanks for the update!

Well, that's good to hear about those finds. But i really really hope there won't be a lot of code change. (praying). Cause...

Even if is beta, i don't expect lots of structure changing, so i'm on my way to live site with it. :)

I hope that we shall have not need to wait more lontgemp for the dophin 7, because it is already very stable and any autrex updated could be afterward made. Fast fast fast the version RC lol

lock it up.

GOOD LUCK HERE IS A BUG WITH FACEBOOK CONNECT:
Method(actionLoginFormhttp:) was not found in module(facebook_connect)

Nice to see that additional 3rd party checkups for security are part of the development. Hope it doesn't set back d7 stable too much, but nice to see extra steps are being taken and considered this time around. Hope we will still see d7 stable before the end of the year, and d7 beta 8 or RC very soon. Looking forward to it.

Glad to see the things coming together in a positive manner. Thanks!

Here is one "security audit" I ran:

Google Index of /templates/tmpl_uni
You will get the following result. I know that the majority of the results will be for 6.1X sites, but there are tens or hundreds of results for 7.X sites as well.

Results 1 - 10 of about 28,000 for index of /templates/tmpl_uni.

Too many dolphin owners stop at the installation process and never do much more than change a banner or two. While Boonex is doing everything they can to make Dolphin a reliable and secure product, it's up to the site owner to protect their site as well. You can do the same search for /ray , /inc, and a few more common directories and get about the same results. Try these directory searches on your own sites and see what the results are.

gfgfdgfd

gfgfdgfdgdfggdfg

Here's one:

If a database error occurs (this is what i got-"#1030 - Got error 28 from storage engine"), then your sensitive info about your hosting account, such as the path to your files, your username and your PASSWORD will appear on the homepage of your website, for everyone to see. This is what it happened to me last night with the beta7. This is not so cool..

Anyways this is a great project!Keep up with the good work!

15 October 2009:
"
1. We'll release one more beta shortly.
2. We'll release RC1 by the end of next week.
"
It's that a deadline, a joke or both? I still can't see that beta coming around even this week..

Thans Andrew, I am glad to see that you are putting more time to security... I am hoping to put see the final 7.0 soon

hi all. I made the audit,this is my username here. So if you like to get similar services just contact me :)

Hi Boonex :)

Any update on the release?

By the way, D7 is awesome, what a work you guys did there, good job to the team!

I think it's very commendable that this project continues to inspire.
The vision of the founders is immense despite the frustration sof members, IM here all the way and aim to make dolphin a major part of my financial future.