Hi All
I have installed XenForo and it's running well, though after setting everything up we ran a vulnerability scanner on our site (unfortunately we have been seriously hacked in the past and left a tad paranoid), and a couple of high warnings were issued:
High Alerts:
GET /community/index.php
- Cleartext Password over HTTP
- Solution: Passwords should never be sent over cleartext. The form should submit to an HTTPS target.
GET /community/
- Session Cookie Without Secure Flag
- Solution: When creating the cookie in the code, set the secure flag to true.
Medium Alerts:
None
Our PHP is tight, our Linux server stripped down to the bare essential bones, and it would be great to know we are safe with XenForo... Does anyone else ever have security problems? Any pointers on how to remedy these alerts would be appreciated.
Many thanks
Pete
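The two high alerts above can be re-checked after any configuration change with a small script. This is an added example, not part of the original post and not XenForo code; the host `forum.example`, the cookie names, the sample response and the function names are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _FormScan(HTMLParser):
    """Collect the action of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self.in_form = False
        self.action = ""            # action of the form currently open
        self.password_actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.in_form, self.action = True, a.get("action") or ""
        elif tag == "input" and self.in_form and (a.get("type") or "").lower() == "password":
            self.password_actions.append(self.action)

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False

def cleartext_password_forms(page_url, html):
    """Return resolved targets of password forms that do not submit to https."""
    scan = _FormScan()
    scan.feed(html)
    # A relative or empty action inherits the scheme of the page itself.
    targets = [urljoin(page_url, act) for act in scan.password_actions]
    return [t for t in targets if urlsplit(t).scheme != "https"]

def cookies_without_secure(set_cookie_headers):
    """Return names of cookies whose Set-Cookie header lacks the Secure attribute."""
    missing = []
    for header in set_cookie_headers:
        pair, *attrs = header.split(";")
        if "secure" not in {x.strip().lower() for x in attrs}:
            missing.append(pair.split("=", 1)[0].strip())
    return missing

# Constructed sample response for the forum index (not real scanner or server output)
PAGE_URL = "http://forum.example/community/"
SET_COOKIE = ["sample_session=abc123; path=/; HttpOnly",
              "sample_csrf=def456; path=/; Secure"]
HTML = """<form action="index.php?login/login" method="post">
<input type="text" name="login"><input type="password" name="password"></form>
<form action="https://forum.example/community/index.php?login/login" method="post">
<input type="password" name="password"></form>"""

if __name__ == "__main__":
    print("Password forms not posting to HTTPS:", cleartext_password_forms(PAGE_URL, HTML))
    print("Cookies without Secure flag:", cookies_without_secure(SET_COOKIE))
```

Both findings clear once the page is served over HTTPS, so that relative form targets resolve to `https://`, and cookies are issued with the `Secure` attribute.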