OpenCart Security
#1
Hello,

Recently I've been researching stuff about the level of security offered by OpenCart and found the following issues that worried me:
https://forum.opencart.com/viewtopic.php?t=147282 and https://blog.sucuri.net/2016/12/unrestri...login.html

My question is, were these 2 issues fixed in OpenCart Overclocked?

Thanks!

Edit: Here's another related post https://forum.opencart.com/viewtopic.php?f=20&t=144753

Edit2: Found some more (different):
https://cxsecurity.com/ascii/WLB-2014050149
https://cxsecurity.com/cveproduct/9567/13463/opencart/
https://www.exploit-db.com/exploits/39679/
Reply
#2
Yes, I completely agree, website security is paramount and exploits and hijacking of pages are very serious matters.

I have already added some security features like custom Captcha on registration, "sink pages" for banned Customer IPs and also the System file integrity check under Administration, but there are a lot more things we can do to prevent attacks and I am fully committed to strengthening OCE even more to limit the risks as much as possible.

Thanks for researching all these links for us, I am going to act on them.
OpenCart Overclocked Edition Lead developer
Reply
#3
I believe Authorize.net (AIM) is safe as it has been re-written by Gob33 last year, based on v2.0 files.

All the index.html files in OCE are "403 Forbidden" to prevent direct access.

The Admin Login page has been strengthened even further in the last few days with the "sanitize" function I added in the library.

I completed the Admin User activity log today and that should help track down some more malicious activities.

Also to mention that the Encryption library in OCE is unique to OCE. I wrote it initially some time ago and updated it to support PHP 7.1+ very recently.

Nothing is 100% safe on the net nowadays so we never know, but I think OCE is pretty strong ...
OpenCart Overclocked Edition Lead developer
Reply
#4
Thanks for the complete answer Philippe.

Great job as always!
Reply

