With the release of SUPEE-9767 there seems a lot of confusion around APPSEC-1281 and how and/or why symlinks are dangerous or being exploited. I’m going to try and add some clarification (or you know, muddy the waters even more if I’m wrong). What’s the Exploit As far as I’m aware, symlinks in themselves are not
Since everyone else in the Magento community seems to be blogging about their experiences at Magento Imagine, I decided I should probably break my dry spell (of posting updates, don’t worry, I haven’t stopped drinking) and do the same. After all, just like the next man, I don’t like missing out on any passing fad.
Over the last few years, Magento has gradually increased protection against CSRF attacks. The most common defence against such attacks is to require a form key (a randomly generated string, unique to the session) to be submitted with all actions that perform update/insert commands on the server. In version 184.108.40.206 this protection was implemented for
After seeing a bunch of ‘year in review’ articles last year. I decided I’d take a crack at it myself this year. Since I don’t blog that much I figured I’d expand it to include some of the other activities I got up to last year.
Hopefully this will become my blog, I’m a very busy man though, so it’s pretty impossible to say when (if) it will happen.