ocPortal

9 released. Read the full article for a list of changes, and upgrade information.

The ocPortal.com/myocp.com personal ocPortal demos are about to be updated to ocPortal version 9.Version 9 is currently in its 3rd public beta, and the beta has proved very stable so a gold release will come quite soon.We want the demos to reflect ... [More] where ocPortal will be in the near future, as that's what evaluators are planning against.Additionally upgrading it in advance will take some extra pressure off during the formal v9 release period.Update: We're done! The demos now run version 9. [Less]

8.1.3 released. Read the full article for a list of changes, and upgrade information.

9 beta3 released. Read the full article for a list of changes, and upgrade information.

Hello all,We have been kindly advised by YEHG on some potential vulnerabilities in ocPortal. As it turns out these issues only occur in poorly configured environments and would even then be tricky for a hacker to exploit. We therefore are updating ... [More] our advice on how to best configure ocPortal so that it is clear why certain situations would lower security.The following sections have been added to our security tutorial… Protect your domain name It is important that you don't use a public domain name, or give people access to upload their own sites to your domain. If you do, basic web browser security walls will be broken down, and someone malicious could use techniques to extract your access from you. Giving other's access to subdomains is generally okay, so long as you are careful to configure your cookies so that only the main domain can read them. Protect your session security We recommend the 'Enforce IP addresses for sessions' option is left enabled. If you are on some kind of network such as TOR where your IP address may randomly change, we advise to not use this when administering ocPortal – it will greatly reduce your security. If you have an ISP where your IP address changes very frequently, you may want to consider a more reliable ISP.For a break-down of the risk of disabling this option, see this tracker discussion:0000708: Increase complexity of session IDs - ocPortal feature tracker Client-side measures Referrers All users with privileged access should have referrers enabled in their web browser. Without this, ocPortal can't prevent malicious requests being redirected through to your own website's forms from other (malicious) websites.By default browsers do have referrers enabled, but some firewall products may disable them for very minor privacy reasons (to stop a website knowing what link you followed to get to it, which most people would agree is not really a privacy issue to them at all).To check you have referrers enabled, go to OcCLE (Admin Zone > Tools > OcCLE) and type: Code :echo ocp_srv('HTTP_REFERER'); You'll get a URL back that is a URL under your own website.If you get a blank result, or something like 'unset' or 'hidden', you need to find out why referrers are disabled and re-enable them. We may consider future changes to ocPortal that mitigate risks on these insecure scenarios, but there's really no good reason for them to occur and they are all intrinsically problematic regardless of ocPortal's behaviour – so the best course of action is just to make sure they don't apply to you. [Less]

9 beta2 released. Read the full article for a list of changes, and upgrade information.

8.1.2 released. Read the full article for a list of changes, and upgrade information.

If you are using the ocPortal/OCF 'clubs' feature, and you are using page permissions, then those page permissions won't be respected for club members.A hotfix for this issue in 8.1.1 follows:0000678: Page permissions don't work if a member is in a ... [More] club - ocPortal feature trackerAdditionally, here is the fix for 7.1.6: Attachment Fix for 7.1.6: sources/permissions.php » Download: permissions.php (31 Kb, 3 downloads so far) Most users use zone or category permissions rather than page permissions, however for affected users this is a very important fix. It is recommended that all users install it, regardless of whether you think you may be affected or not. [Less]

9 beta1 released. Read the full article for a list of changes, and upgrade information.

We'd like to thank Webhosting Search for letting us know ocPortal is now included in their list of the best web tools.Webhosting Search has been in operation since 1998 and only lists the very best tools in each category.