XF 2.0 Can server security be compromised by...

Arnox

Active member
a rogue admin on a separate XenForo installation that is used for testing? It doesn't seem likely to me personally, but I feel I should ask anyway, just to be sure.
 
"It depends"

What level of access did the admin have? Could they upload files to the server? What's the server config? Were there any exploitable services or modules running?
 
In terms of server access, they won't have any. They would be a total admin, but only on the test XF installation and nowhere else on the server. They COULD upload files to the server, but it would have to be through XF's attachments/resource management system. As to the server config, could you be more specific? And finally, how would I know if there are any exploitable services/modules running, barring making sure things are updated?

EDIT: Oh crap, I forgot. They would have access to installing add-ons. OK, so prohibit add-on access, right?
 
If you've got to ask the question, why continue to allow them admin level?

They don't have any admin/moderator privileges yet. But they wish to have permission to work on a separate isolated installation of XenForo for testing purposes. Furthermore, we do NOT have the budget (or literally any budget at all) to hire a sec. consultant. And that's OK. I don't expect anyone to harden my server for free at all. But I do need to know...

Is there a high risk?
 
He/she needs to get skin in the game and buy their own XF license and host it up cheap themselves. Just my 2 cents.
 
Sorry for the long time to reply. The person is going to be working with me on my site. They'd just like to implement and test all proposed changes with a working viewable test installation.
 
Just have a separate VPS server for the test install - cheap hourly billed VPSes can be had at Linode, DigitalOcean and UpCloud cloud VPS providers for just these kinds of tasks.
 