CalcBuilder Forum

Hacking Suspect code

Usuario CotswoldD 2016-01-14 17:26:32

Hi Why are you using stuff like this???

eval($_code); = hackers use this all the time, really us no reason

Have had a lengthy conversation with MyJoomla on this matter.

Rather dispointed that i have purchased your product, and now showing potential hacks or code that really should not be being used in Joomla.

regards pete

Moonsoft support 2016-01-14 17:45:50

Hi,
Of course, this is used because the calculator must execute YOUR code ! As a general suggestion, eval is not needed, and should not be used...to do things that normal components do, the calcbuilder is able to do much more. That code is dangerous only if it's exposed to any frontend request, if you understand the joomla mvc and you check where/how that code is being used, you will be less disapointed :)

Having said this, noone can promise it's 100% free of attacks, if you or anyone can find a way to hack the extension because of this code, or because any other accross the extension or module, we'll be very happy to know and release a fix in a matter of hours.

Thanks for your comments

Regards

Usuario CotswoldD 2016-01-14 20:22:43

Interesting article about how to not use EVAL

http://stackoverflow.com/questions/10671602/whats-alternative-of-eval-function

Would this help?

Moonsoft support 2016-01-15 10:00:37

Hi,
not sure which is your point here. For this case, eval is required, it can't be replaced for anything else, and it's used in a secure way. Did you finally find any security issue at the calcbuilder code?

Regards

...
Support/development

Perfect for small code changes or to correct any bug at your site

Buy now!
...
Support/development 40 hours

With the peace of mind of having a professional team at your service (20% discount)

Buy now!