PHPIDS » Web Application Security 2.0

We are pleased to announce the long overdue new WPIDS release. This package is supposed to be a bug-fix release, since several problems were reported and have been wiped out. Here’s a small list of the most important issues:

• In previous versions XML-RPC was blocked completely, now you have a option to enable/disable it
• The search now works for non English chars. Before the fix all non English characters where dropped
• A bug within the logging facility caused it that all logged entries were added with a lower impact than supposed to be

Of course this version ships with the latest PHPIDS version which is currently 0.4.7. Anyway they’re still lots of work to do. For example the login page is displayed with some error/warning message. Also it turned out to not be very wise to check on the HTTP_REFERER since it throws too many false alerts.

Since the mentioned problems don’t affect your site’s security nor work flow, are they planned to resist up to the next bigger release. The next release is planned to be the Version 0.2 of WPIDS, which will be completely rewritten. Some features of Lockdown - the embedded sister project - will be kept and will be manages as opt out. Furthermore Version 0.2 will come with more granular maintenance and configuration options.

The download is available as Full Package, or you can get it from the SVN.

This entry was posted on Thursday, February 21st, 2008 at 1:34 am and is filed under WPIDS. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.