• Introducing WebPros Cloud - a fully managed infrastructure platform purpose-built to simplify the deployment of WebPros products !  WebPros Cloud enables you to easily deliver WebPros solutions — without the complexity of managing the infrastructure.
    Join the pilot program today!
  • Support for BIND DNS has been removed from Plesk for Windows due to security and maintenance risks.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS.

Plesk and security

Linulex

Linulex

Silver Pleskian
Can anyone tell me the security policy of Plesk?

In the app vault i still see Postnuke 0.761a while the official stable release on the postnuke site is 0.764.

This would no be all to bad if the new version was very young and Plesk did not had time yet to implement it. BUT Postnuke 0.764 was released on 20 november 2006 (yes, thats a six)

http://noc.postnuke.com/frs/?group_id=5&release_id=700

I am sure i can find lots of examples like this.

A new feature of the app vault was the ability to update installed scripts, but to my surprice even the manual on how to create app vault rpm's is vanished.

Regards
Jan
 
Linulex said:
Can anyone tell me the security policy of Plesk?

In the app vault i still see Postnuke 0.761a while the official stable release on the postnuke site is 0.764.

This would no be all to bad if the new version was very young and Plesk did not had time yet to implement it. BUT Postnuke 0.764 was released on 20 november 2006 (yes, thats a six)

http://noc.postnuke.com/frs/?group_id=5&release_id=700

I am sure i can find lots of examples like this.

A new feature of the app vault was the ability to update installed scripts, but to my surprice even the manual on how to create app vault rpm's is vanished.

Regards
Jan
Click to expand...

I agree with you in this matter.
 
ideasmultiples said:
Check http://www.apsstandard.com/doc/
Click to expand...

What has this Parrallels self-invented standard to do with the fact that i get a 2 year old security bug infested script packed with my payed-for-software ?????

SaaS is the new hype buzzword that doesnt even apply here. It means running software that used to run on the users pc, now is running at a server in a noc en rented by the month/hour/use/whatever.
How can this even remotely apply to a script that is GPL and was programmed from code sentence 1 to run on a server ????
 
They use that packaging standard to create teh application "packages" in app vault - so if you want to ugprade the packages you would follow the guidelines provided there and then install it into plesk.
 
HostingGuy said:
They use that packaging standard to create teh application "packages" in app vault - so if you want to ugprade the packages you would follow the guidelines provided there and then install it into plesk.
Click to expand...

I dont agree. Plesk is not open source, neither GPLed.
It is software i pay for so i expect it has the latest/stable/secure version of an included package at the time that plesk version is released.

After all, what is the point in paying someone for something and then have to do it yourself????

Unless i have looked over it there is no documentation and/or example on how to create the rpm's in order to install it in plesk.
 
There are docs on creating app vault rpms here: http://swdn.swsoft.com/en/library/plesk/

And lots of Plesk parts use open source licenses (courier, horde, etc). The GUI itself is not, but it does have an API to get into (documented at the same link above).

I agree though, if you're going to charge someone for a package, you should maintain it.
 
Linulex said:
Can anyone tell me the security policy of Plesk?

In the app vault i still see Postnuke 0.761a while the official stable release on the postnuke site is 0.764.

This would no be all to bad if the new version was very young and Plesk did not had time yet to implement it. BUT Postnuke 0.764 was released on 20 november 2006 (yes, thats a six)

http://noc.postnuke.com/frs/?group_id=5&release_id=700

I am sure i can find lots of examples like this.

A new feature of the app vault was the ability to update installed scripts, but to my surprice even the manual on how to create app vault rpm's is vanished.

Regards
Jan
Click to expand...

There is also an old version of WebCalendar with a very large security hole. They also have the updated version - go figure. I've blocked the old version from download by clients.
 
Linulex said:
I was under the impression that the app vault structure changed in 8.3 to the one at www.appstandard.com in order to allow installed scripts to be updated. In the swdn the latest is for 8.2, is this still vallid? If so, my problems are solved.
Click to expand...

Thanks for that link i have never seen that site before now.

Why is parallels packaging old version with new especially when some are known to have bug and security issues? Maybe because of skin and template compatibility or maybe just to advertise they have over 90 packages to lure us. Whichever one it is i would rather have a secured application running on my Server.
FIX IT parallels
 
You must log in or register to reply here.

Similar threads

AYamshanov
Important New Plesk webmail / SOGo Webmail extension
8 9 10
Replies
186
Views
64K
AubsUK
A
korsar
Important Keep your Plesk server up-to-date to have it secure and features complete
Replies
2
Views
12K
IvanV
I
C
WordCamp Cologne 2017: A Special Plesk Recap
Replies
0
Views
2K
Carole Olinger
C
J
Plesk Onyx – Designed for Vultr.com
Replies
0
Views
4K
Joerg Strotmann
J
J
Plesk Onyx – Designed for Vultr.com
Replies
0
Views
4K
joerg
J
Back
Top