TOPIC: How safe is LimeSurvey?

How safe is LimeSurvey? 1 year 6 months ago #90517

  • Raptor
  • Fresh Lemon
  • Posts: 6
  • Karma: 0
I am new to LimeSurvey. And this is my first encounter with the software.

First I have to admit that your job is very helpful to our college and community.

I am concerned about the security of the application and the possible attacks or backdoors that installing this application on my server could cause for me. How can I be sure about the security of the software? What can I do to increase the security, as an admin?

Thank you for your help and I am only asking this because I found these on the net:

www.exploit-db.com/exploits/19330/
www.exploit-db.com/exploits/18508/
www.exploit-db.com/exploits/4544/
www.exploit-db.com/exploits/4156/

Thank you
And please keep up the good job.
The administrator has disabled public write access.

Re: How safe is LimeSurvey? 1 year 6 months ago #90525

  • Fred
  • Gold Lime
  • Posts: 163
  • Thanks received: 5
  • Karma: 3
That's a good question. LimeSurvey is a lot like any "user generated content" application and users can try to exploit that. And because it's open source, anyone can look under the hood and look for exploits.

But then, anyone can also report problems to the developers. I know they respond quickly to this stuff. Here's an example from the bugs site. Look around and you'll see others.
bugs.limesurvey.org/view.php?id=7105

There are some installation security hints in the manual. Most of this is typical Linux application security: docs.limesurvey.org/Installation+security+hints

BTW, most of those exploits you posted are ancient. :)
This user was thanked for this post by: Raptor

Re: How safe is LimeSurvey? 1 year 6 months ago #90528

  • Mazi
  • LimeSurvey Team
  • Posts: 5300
  • Thanks received: 291
  • Karma: 247
Two of these issues are from 2007 so they are more than 5 years old. Another one refers to the old 1.91 version which isn't used that much and the latest issue is already fixed as well.

Anyway, if you find any further issues, please file a ticket at our bugtracker and we will fix it as soon as possible.

Best regards/Beste Grüße,
Dr. Marcel Minke
(Limesurvey Head of Support)
Need Help? We offer professional Limesurvey support
Contact: marcel.minke(at)limesurvey.org
This user was thanked for this post by: Raptor

Re: How safe is LimeSurvey? 1 year 5 months ago #92073

  • Raptor
  • Fresh Lemon
  • Posts: 6
  • Karma: 0
I know. And thanks for calling them ancient not anything else... ;)
I just wanted to have a ruler to measure how sure I can be with my lovely LimeSurvey installation, that's all.
Last edit: 1 year 5 months ago by Raptor. Reason: I forgot to mention sth

Re: How safe is LimeSurvey? 1 year 5 months ago #92121

  • lowprofile
  • Junior Lime
  • Posts: 22
  • Thanks received: 1
  • Karma: 0
If an exploit is discovered for pre-2.0, e.g. 1.92+ 120919, will there be any patches?

Re: How safe is LimeSurvey? 1 year 5 months ago #92134

  • c_schmitz
  • LimeSurvey Team
  • Posts: 744
  • Thanks received: 99
  • Karma: 87
No, sorry.
Support us, too. Donate to the LimeSurvey project and help keep us going!

Re: How safe is LimeSurvey? 1 year 5 months ago #92259

  • StuartMark0
  • Junior Lime
  • Posts: 26
  • Karma: 0
On a similar note, what happens when I delete any survey post completion? Does it delete just the tables or everything from my server or LimeSurvey's server? Is there any possibility that someone can sneak in later and get access to the deleted surveys? (Survey script, Datafile, Tokens along with contact list)
Moderators: ITEd