Page 1 of 1

FAQ: How to choose secure extensions (Part 2)

Posted: Sat Sep 23, 2006 8:46 pm
by rliskey
Although the Joomla! core is secure when configured correctly, third party extensions come in all flavors of age and quality. Unless you absolutely trust the extension developer, always review the code should before installing. The following is a list of typical areas of concern.

1. How complex is the extension? The larger it is, the more likely it is to have problems, and the more carefully you should review it. If you can't tell what it's doing, you should not trust it.

2. Does the extension read or write files to your server? Programs that read files may inadvertently violate access restrictions you've set up, or pass sensitive system information to crackers. Programs that write files have the potential to modify or damage existing files, or introduce trojan horses.

3. Does the extension interact with other programs on your system? For example, many extensions send e-mail in response to a form input by opening a connection with the sendmail program. Is it doing this in a safe way?

4. Does the extension run with suid (set-user-id) privileges? In general this is very dangerous; extensions need an excellent reasons for doing this.

5. Does the extension validate all user input, such as in form fields and in the URL?

6. Does the extension use explicit path names when invoking external programs? Relying on the PATH environment variable to resolve partial path names is a dangerous practice.

7. Is the extension secure against direct access throught the URL? For example:

Code: Select all

www.yoursite.com/components/com_bad_extension.php?lots_of_bad_code_here
8. Is the extension secure against remote file inclusions?

9. Is the extension secure against SQL injections?

10. Is the extension secure against Cross Site Scripting (XSS)?

11. Does the extension need PHP register_globals ON, or Joomla! RG Emulation ON? If so, then it is probably violating number 7 above.

12. Does the extension provide higher database access to less privileged users? For example does it allow guests or registered users to view data that only publishers or administrators should be able to see?

For details on items 7 through 12, see this great post by friesengeist:
http://forum.joomla.org/index.php/topic,78781.0.html