CodeIgniter Forums

CodeIgniter Forums > Using CodeIgniter > General Help > Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug)
Full Version: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug)
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Hobbes

12-13-2014, 07:05 AM
Ok as the title says.

What I want to know is is this something we as CI users have to be worried about?

If so, are there plans by the CI dev's to provide a fix or workaround?

I have a major web application in progress on CI and do not want to release it if this is an issue, at least not releasing it until there is a fix.

includebeer

12-13-2014, 03:13 PM
Heartbleed is a bug in OpenSSL. It has nothing to do with CI. What makes you think CI is affected by this?

Hobbes

12-14-2014, 06:45 AM
reading the documentation for CI3 , for the encryption lib, it mentions it requires openssl and/or mcrypt.

includebeer

12-14-2014, 08:09 AM
(12-14-2014, 06:45 AM)Hobbes Wrote: [ -> ]reading the documentation for CI3 , for the encryption lib, it mentions it requires openssl and/or mcrypt.

Exactly, it requires external libraries on your web server. Those are not part of CodeIgniter so there's nothing to fix in CI. You need to make sure your server run the latest version of OpenSSL (or at least the one with the bug fixed).

Hobbes

12-14-2014, 08:18 AM
Thanks hate. I will check with my server techs and make sure we have the fixed version of openssl.

I just wanted to make sure is all. Thanks for the info
CodeIgniter Forums > Using CodeIgniter > General Help > Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug)