
[ This is a test blog, with posts about the development of b2, and comments ]

19.07.01

big security flaw in b2

i had installation problems a few moments ago and i realised that b2install.php is on my monkey.dayzero directory. this can be a great security flaw because it simply overruns all existing settings and posts and makes a new copy of b2. this also means that all accounts are wiped out and the admin user and pass become the default.

this is worrying. for those of you who're using b2, please DELETE b2install.php from your ftp server after installation. if you can't remember your password you can upload it back and do a clean reinstallation, or request michel to do this password sending thing. thank you.

alternatively, you can chmod the install.php file to something else (like 755) or request yet another feature on b2: for the install.php file to auto delete itself after installing.

i would request this to be reflected in the b2 readme.
ian @ 17:40:25 069
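
The cleanup the post asks for can be checked after every install. The shell functions below are an added example, not part of b2 or of the original post: they look for `b2install.php` (the file name given in the post) under a directory you pass in, and either report it or delete it. The function and variable names are made up for illustration.

```shell
#!/bin/sh
# Added example, not part of b2. The installer name comes from the post;
# the directory argument is wherever your own b2 copy is uploaded.
INSTALLER_NAME='b2install.php'

# Print every leftover installer under the given directory, one per line.
find_installers() {
    find "$1" -type f -name "$INSTALLER_NAME" 2>/dev/null
}

# audit_installers DIR [report|fix]
#   report (default): list leftover installers with their permission bits
#   fix:              delete them
# Returns 0 when no installer remains, 1 otherwise.
audit_installers() {
    audit_root=$1
    audit_mode=${2:-report}
    audit_left=0
    audit_list=$(find_installers "$audit_root")
    if [ -z "$audit_list" ]; then
        echo "ok: no $INSTALLER_NAME under $audit_root"
        return 0
    fi
    while IFS= read -r audit_file; do
        if [ "$audit_mode" = "fix" ]; then
            if rm -f -- "$audit_file"; then
                echo "removed: $audit_file"
            else
                echo "FAILED to remove: $audit_file"
                audit_left=1
            fi
        else
            # Show the mode so you can see who is still able to read the file.
            audit_perms=$(ls -ld -- "$audit_file" | cut -c1-10)
            echo "FOUND: $audit_file ($audit_perms)"
            audit_left=1
        fi
    done <<EOF
$audit_list
EOF
    return "$audit_left"
}
```

Run `audit_installers /path/to/webroot` from a deploy script or cron job and treat a non-zero exit status as a failed check; pass `fix` as the second argument to delete what it finds.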

What is b2 ?
A classy news/weblog tool (aka logware).

How does it work ?
You type something and hit "blog this" and in the next second it's on your page(s). You can write extended entries, or even entries that span multiple pages. You can also use BloggerAPI clients to post to your b2 weblog.

What's original in b2 ?
Pages are generated dynamically from the MySQL database, so no clumsy 'rebuilding' is involved. It also means faster search/display capabilities, and the ability to serve your news in different 'templates' without any hassle.

Requirements ?
A server that can run PHP4, and a MySQL database (you can install b2 in an already existing database, and you can put several b2's in one database).

Where can I download it ?
b2 0.6 is the latest public release.
You can also visit the CVS server for the latest code, at your own risk.
See the ReadMe file for requirements and installation instructions.

Contact info ?
E-mail: m@tidakada.com
Forums: over there. :)
