Merry Christmas

Hi,

In my name, and in the name of komenco.es and scriptcasers.com, I hope this little family continues growing. This community has strong values like respect and helping others, values we have to keep in mind all year, but especially these days. 2015 was a great year for Scriptcase. SC8.1 is a great version, continuing to get better with every new patch, with new features, solving bugs, and creating new ones :stuck_out_tongue: All of us have our own wish lists for new features, priorities to be solved, and a lot of things to add to these lists, but we will try to forget all of this, just for these days. Try to forget all the bad things, and think of all the good ones. And a special mention to Albert (Aducom). Thanks for all the effort you put in here. Scriptcase would not be the same without you.

I just want, for all the Netmake Team (Bartho included) and all this wonderful community, all the best for you, and I really wish you a very happy night with all your family.

A sincere big hug for all of you.

Giuseppe
Scriptcase Consultant.
CEO KomencoIT Solutions
CEO Scriptcasers.com

I too wish everybody here a very good XMas and a great and healthy 2016.

2016 will be a challenging year for the European companies as the new data protection law is going to be active. That means for everybody who creates software (including parties who sell in Europe) that data leaks need to be reported to the authorities and that serious hacks without decent proven defense can expect huge fines up to 700.000 euros.
We have been working with Scriptcase to match these criteria and I expect that the changes will be applied in one of the nearest versions.

Although Scriptcase will include some anti-hack measures, you can never be sure. Also, you need to be aware of what you are storing in your database, how safe your servers are, etc. Some things to consider (and these are only the obvious ones):

  • remote desktop is unsafe by default, without a proper setup, i.e. change the port and set up the firewall to accept only connections from trusted clients. Use dyndns if you have to.
  • storing critical data in your database is unsafe. Use decent encryption, no, NOT MD5 (something to do in the authorisation module (Scriptcase))
  • the database should only listen to localhost, or needs to be protected using proper firewall rules. See first line.
  • avoid passing parameters by the URL, or protect them. Check if your sc_redir is safe and cannot be hijacked.
  • be aware of SQL injection. (test this!)
  • be aware of cross-site scripting (test this too for fields that contain data long enough to hold short scripts)
  • put your critical sites under HTTPS. Certificates aren’t that expensive any more.

I wish everybody to be safe without hacks, viruses, malware and all other stuff some people see as a nice way to spoil their time.