[Vtigercrm-developers] Reminder: Please be a contributor than a whistleblower - on security issues.
Prasad
prasad at vtiger.com
Fri Apr 20 11:44:46 GMT 2018
I hope you are following issue tracker as well.
--
FB <http://www.facebook.com/vtiger> I Twit <http://twitter.com/vtigercrm> I
LIn <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
<https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
On Fri, Apr 20, 2018 at 5:11 PM, socialboostdk <socialboostdk at gmail.com>
wrote:
> +1
>
> Also avoid using users email to hash passwords. Its crap + means that you
> cannot change email without also changing password...
>
> On 20 April 2018 at 13:31, Conrado Maggi <comaggi at gmail.com> wrote:
>
>> Basically, Not doing this: https://unsecure.blog/en
>> /114-vtigercrm-storing-passwords-in-md5.html
>>
>> Conrado
>>
>> On Fri, Apr 20, 2018 at 12:22 PM, Prasad <prasad at vtiger.com> wrote:
>>
>>> Thank you for the references. We are in touch with few wise security
>>> advisories as well.
>>>
>>> The intent behind the post was to raise the awareness of quality of
>>> information that need to be exchanged
>>> when understanding the security issue.
>>>
>>> Regards,
>>> Prasad
>>>
>>>
>>> --
>>> FB <http://www.facebook.com/vtiger> I Twit
>>> <http://twitter.com/vtigercrm> I LIn
>>> <https://www.linkedin.com/company/1270573?trk=tyah> I Blog
>>> <https://blogs.vtiger.com> I Website <https://www.vtiger.com/>
>>>
>>> On Fri, Apr 20, 2018 at 3:20 PM, IT-Solutions4You <info at its4you.sk>
>>> wrote:
>>>
>>>> I found this interesting project
>>>> https://hacktrophy.com/en/price-ethical-hacking/
>>>>
>>>> I think to contact them for scanning vtiger. Maybe you(vtiger) can
>>>> cooperate, basically it's your software ;-)
>>>>
>>>> Matus
>>>>
>>>> Dňa 20. 4. 2018 o 10:54 Prasad napísal(a):
>>>>
>>>>> Dear members,
>>>>>
>>>>> Security and Data-Privacy is our top priority.
>>>>>
>>>>> Without providing much details citing security concern on public
>>>>> channels is more like whistleblowing, which does no good but creates
>>>>> suspicion in those who aren't full aware of the details.
>>>>>
>>>>> If you are aware of a security risk or suspect a possible hole that
>>>>> can give attacker ability to gain customer data, please feel to reach
>>>>> to us
>>>>> with complete details or file the issue on our tracker to keep our
>>>>> community informed.
>>>>>
>>>>> Regards,
>>>>> Prasad
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> http://www.vtiger.com/
>>>>>
>>>>>
>>>>
>>>> _______________________________________________
>>>> http://www.vtiger.com/
>>>
>>>
>>>
>>> _______________________________________________
>>> http://www.vtiger.com/
>>>
>>
>>
>> _______________________________________________
>> http://www.vtiger.com/
>>
>
>
> _______________________________________________
> http://www.vtiger.com/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.vtigercrm.com/pipermail/vtigercrm-developers/attachments/20180420/0b40db54/attachment.html>
More information about the vtigercrm-developers
mailing list