Till Maas wrote:
One pretty common vulnerability would be a cross site scripting, especially a
persistent one, where all the described security measures would not help. An
attacker would simply modify the login prompt that is shown if someone opens
the wordpress homepage and instead of sending the credentials directly to
FAS, they are also sent to the attacker. Here SSL or not storing the
credentials on the wordpress server would not help.

Very true. Keeping up with the WP updates and not using dangerous
third-party plugins would help reduce this possibility - but still, it
would cause a massive admin problem for rpmfusion if the site was
compromised in such a way and FAS details were released.
C