Security Issues !?

[Keith]

Hello,

I am just trying to experiment OpenGoo inside the faculty for project management and collaboration works. Everyone in general is quite happy with its easy and intuitive design especially for profs and students although there is somehow a little buggy, e.g. unable to unfold the Revisions just after checkin the file, but it works after login again.

However, recently we just got the message from the computer center asking us to update to the latest ver. of ProjectPier due to the security reason (they are very sensitive to any services running inside the campus) Well, after googling it, I noticed it is based on a fork of the activeCollab project before its commercialization, but it seems I can do nothing about it.

Does anyone have any idea of solving it?

[Pet]

I'm not sure what you are asking.  Are you asking the OpenGoo community how to update your ProjectPier install?  If so, you should be asking on their forums.

[Keith]

Er... It's not what I meant, but I think I have to make my question more clear.

Actually, the ProjectPier is not installed in the sever which runs OpenGoo in my faculty. We are thinking probably the computer center thinks the activeCollab, which OpenGoo is base on, is the previous version of ProjecPier and asked us to upgrade it. Due to this inference, I am thinking if there is anything I could do on the code or settings to "deceive" the computer center to solve this hassle.

[Pet]

oic...

There is some relevant discussion in this thread that might interest you.  Although to be honest, they are 3 completely separate products now (although they share some common heritage) so what they are saying doesn't make sense.  As well, you'll find that PP development has been more or less dormant for a very long time, although the developers poke away at things every now and again.

Note that I have no facts to base my opinion on, but I'd say PP would be the most worrisome in terms of security simply due to the lack of developer activity level, if indeed there are any security concerns.

I'd be asking your computer center to outline their specific concerns so that they could be better addressed. ("help us help you")

 

[ignacio]

You have to find out why the computer center is mistaking OpenGoo with Project Pier (how does it perform the detection). Then we can tell you what to change to avoid it.

Cheers.

[Keith]

Ja, I think it would be better to ask the computer center directly. Thanks for the suggestions.

Once I get any info I'll let you know.

Cheers

[Keith]

You have to find out why the computer center is mistaking OpenGoo with Project Pier (how does it perform the detection). Then we can tell you what to change to avoid it.

Cheers.

Because I am not the person who directly have a connection with the people in the computer center, it always takes some time to get the information. Besides, it seems that the person who sent the warning to us is not a technician but a normal staff getting the results from the computer and sending errors/warnings to the corresponding person.

According to the news I got, it seems that the computer center has a cooperation with a company which analysis the open services inside the university domain and compare the pages, e.g. index.php, with its inner database to see if there is any suspicious patterns. And, this is the reason why the computer center mistook OpenGoo with Project Pier.

I know it's not a such precise answer but this is the only one in my hand.