Thread

Hi,
I’ve taken over a website from another developer and it’s actually the first time I’ve looked into EE..

We now have had some major hickups with this site being php injected.

Luckily, we got it up and running again but who knows when it’s going to happen again..

The next upgrade from 1.6.8 would be to 1.7, is this the furthest possible ? Are there any additional tools/ plugins of EE that can make this version a bit more secure ?

I’ve heard that the 2.x release of EE is actually coded differently, so I guess it would be a big job upgrading from the 1.68 release ?

Thanks heaps

I think 1.7.1 is the upgrade in the 1.x branch…..

If your site is fairly stock, the upgrade to 2 could be fairly easy….

As to the injection - have you looked at the various permissions as to allowance to run php inside EE templates? I’m no expert on this, but it seems to me that the stock version of EE (no php allowed) would be too secure to allow easy injection….I’ve never had anything like that happen over the 7 years I’ve used the product…

Thanks for your help here, Craig.

jdesign, Craig is right, EE is very secure against injection attempts, but since it’s a very flexible platform on top of which developers can do a lot, that means that a developer could potentially code their templates in a way to allow an SQL injection by taking input from the browser and throwing it in a query without filtering it.

But yes, 1.7.1 is the latest in the EE 1.x branch and is very stable and secure. It is recommended to upgrade to this version if not EE 2. In considering whether or not to upgrade to EE 2, it may help to know that support for EE 1 will be ending soon.

Hi Guys, thanks a lot for the info.

Thanks jdesign. Feel free to start a new thread if you have any more questions.