eZ Publish: ezjscnode (ezjscore) security hole

eZ Publish series 4.x up to 4.6 comes equipped with a unique feature – vital user information can easily be obtained with no hassle. It comes with a feature called “ezjscnode” already enabled by default, and when enabled this little gem will happily provide us with information about every existing object. When viewing users it …

eZ Publish – determine version, heartbeat and copyright

eZ Publish provides us with a module called “ezinfo” which we can utilize to get important information about the running system. Amongst the information we can extract from this module is: the eZ Publish version; which modules are installed; whether the system is able to communicate with the back-end; and the copyright. Please note that “ezinfo” does not interface …

eZ Publish password encryption methods

It is always interesting to look at various CMSs and how they implement security. For this post I’ll be covering the methods eZ Publish up to (at least) release 4.6 uses. This post is based on the following PHP class file: kernel\classes\datatypes\ezuser\ezuser.php. More information can be found there.

Various password constants and their use

The basis …