News page in the Wiki
Chris Nolan
chris at cenolan.com
Mon Nov 10 00:37:32 CET 2008
Till Maas wrote:
>
> One pretty common vulnerability would be a cross site scripting, especially a
> persistent one, where all the described security measures would not help. An
> attacker would simply modify the login prompt that is shown if someone opens
> the wordpress homepage and instead of sending the credentials directly to
> FAS, they are also sent to the attacker. Here SSL or not storing the
> credentials on the wordpress server would not help.
>
Very true. Keeping up with the WP updates and not using dangerous
third-party plugins would help reduce this possibility - but still, it
would cause a massive admin problem for rpmfusion if the site was
compromised in such a way and FAS details were released.
C
More information about the rpmfusion-developers
mailing list