[Vtigercrm-developers] Issues and malwares - vtiger market place extension

Sutharsan Jeganathan ajstharsan at gmail.com
Tue Apr 28 17:51:17 GMT 2015


Hi

I don't think it is a security issue, but might be a bug.

When editing a label
[image: Inline image 1]


It goes like
[image: Inline image 2]

The issue might be

[image: Inline image 3]


Thanks
Sutharsan Jeganathan

On Tue, Apr 28, 2015 at 9:47 PM, Prasad <prasad at vtiger.com> wrote:

> Sutharsan,
>
> Thank you - we will follow up with publisher and review the same.
> Do you have instances where it posed trouble to system security?
>
> On Tue, Apr 28, 2015 at 9:21 PM, Sutharsan Jeganathan <
> ajstharsan at gmail.com> wrote:
>
>> Hi Prasad
>>
>> I suspect a similar issue in Labels4you, which I have already mentioned
>> here in the same topic. It updates / rewrites the language files and
>> overwrites them, where the single quote is replaced by a double quote
>>
>>
>> Thanks
>> Sutharsan Jeganathan
>>
>> On Tue, Apr 28, 2015 at 8:48 PM, Prasad <prasad at vtiger.com> wrote:
>>
>>> We have suspended vtDebug extension on marketplace.
>>>
>>> @Alan, @Błażej:
>>> Thank you for the supportive review - we will tighten our process of
>>> approval.
>>>
>>> Regards,
>>> Prasad
>>>
>>> On Tue, Apr 28, 2015 at 7:30 PM, Alan Lord <alanslists at gmail.com> wrote:
>>>
>>>> On 28/04/15 14:50, Conrado Maggi wrote:
>>>>
>>>>> Hello Blazec,
>>>>>
>>>>> Thanks a lot for taking the time to review the extension. I agree that
>>>>> the module needs to be removed from the marketplace.
>>>>>
>>>>> Also, I think vtiger really needs to reconsider the acceptance of
>>>>> encrypted/obfuscated code. This is a clear example that it's not
>>>>> sustainable.
>>>>>
>>>>> This impacts not only that extension but the entire marketplace idea.
>>>>>
>>>>
>>>> That's pretty scary stuff I agree.
>>>>
>>>> I would suggest that if vtiger wants to allow encrypted code they
>>>> should sign an NDA with the publisher and then not allow it on the
>>>> Marketplace until they have reviewed an unencrypted version and they use
>>>> *at least* an MD5 hash to verify version updates etc...
>>>>
>>>> If Blazec's review is accurate (and I have no reason to doubt that)
>>>> then that module really sucks.
>>>>
>>>> Al
>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>>