Forum


Calc Builder Support

Calc Builder support
Forums
Public write access is disabled. Please login

Hacking Suspect code 14.01.2016 17:26

Hi Why are you using stuff like this???

eval($_code); = hackers use this all the time, really us no reason

Have had a lengthy conversation with MyJoomla on this matter.

Rather dispointed that i have purchased your product, and now showing potential hacks or code that really should not be being used in Joomla.

regards pete

Re: Hacking Suspect code 14.01.2016 17:45

Hi,
Of course, this is used because the calculator must execute YOUR code ! As a general suggestion, eval is not needed, and should not be used...to do things that normal components do, the calcbuilder is able to do much more. That code is dangerous only if it's exposed to any frontend request, if you understand the joomla mvc and you check where/how that code is being used, you will be less disapointed :)

Having said this, noone can promise it's 100% free of attacks, if you or anyone can find a way to hack the extension because of this code, or because any other accross the extension or module, we'll be very happy to know and release a fix in a matter of hours.

Thanks for your comments

Regards
Moonsoft Team
www.moonsoft.es

Re: Hacking Suspect code 14.01.2016 20:22

Interesting article about how to not use EVAL

http://stackoverflow.com/questions/10671602/whats-alternative-of-eval-function

Would this help?

Re: Hacking Suspect code 15.01.2016 10:00

Hi,
not sure which is your point here. For this case, eval is required, it can't be replaced for anything else, and it's used in a secure way. Did you finally find any security issue at the calcbuilder code?

Regards
Moonsoft Team
www.moonsoft.es
Are you satisfied with our products/services/support?
Please help us to keep improving, add a review at  joomla extensions site and  magento connect
FaLang translation system by Faboba

Our clients' feedback