Password file has been hacked and used by a virus

[botg]

botg your an ass,

Absolutely. I don't bow down to the will of the uneducated masses. I do things by the book.

your registration here isnt even secure so it dosnt suprise me that the authors of this software dont give a damn about your security.

Blame browser vendors. They treat self-signed certificates worse than unencrypted sites. Using latest Firefox for example I have to click three or fore times just to accept a self-signed certificate, yet not a single click to accept unencrypted http connections.
(And no, I am not buying a certificate from some greedy $$$ company, why should I trust them?)

and to the developers,

aka the ass

Since this lack of security has DIRECTLY affected my business, Im going to be looking into liability......
Im sure somewhere I can find that obscure law that says that your willfull negligence can be pointed to direct financial liability.

To quote the GPL:

Code: Select all

			    NO WARRANTY

  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.

  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

Note that that isn't yelling, it islegalese bold.

[botg]

IF you run a mysql dependant site then you have now givin the person that got your login info complete access to the database and your customer info....

Even MySQL has table based permissions and stored procedures. Your app is badly written if your PHP files have complete access to the database.

[camelothosting]

IF you run a mysql dependant site then you have now givin the person that got your login info complete access to the database and your customer info....

Even MySQL has table based permissions and stored procedures. Your app is badly written if your PHP files have complete access to the database.

Its not the actual files that Im refering to

its the configuration file,
you know the one that has

hostname
dtabase
password....

thats the information that Im refering to.....

and its sad and scary that with the LOW prices of ssl certs that you cant be bothered with that small security detail.....


and the GPL does NOT cover you from Willfull negligence.....

If your inaction causes harm then you can be held liable
Just food for thought for your next release

[boco]

botg is only liable up to the price of his software product.

[botg]

If your inaction causes harm then you can be held liable

Oh somewhere on this world a dozen children starved to death today because you didn't give away 90% of your money.

Liability ends somewhere, in this case it ends before it reaches me because we didn't enter any contract.



Closing topic, everything has been discussed already and further replies are only made by trolls and flamers.