CodeIgniter Forums
Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Using CodeIgniter (https://forum.codeigniter.com/forum-5.html)
+--- Forum: General Help (https://forum.codeigniter.com/forum-24.html)
+--- Thread: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) (/thread-521.html)



Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) - Hobbes - 12-13-2014

Ok as the title says.

What I want to know is is this something we as CI users have to be worried about?

If so, are there plans by the CI dev's to provide a fix or workaround?

I have a major web application in progress on CI and do not want to release it if this is an issue, at least not releasing it until there is a fix.


RE: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) - includebeer - 12-13-2014

Heartbleed is a bug in OpenSSL. It has nothing to do with CI. What makes you think CI is affected by this?


RE: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) - Hobbes - 12-14-2014

reading the documentation for CI3 , for the encryption lib, it mentions it requires openssl and/or mcrypt.


RE: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) - includebeer - 12-14-2014

(12-14-2014, 06:45 AM)Hobbes Wrote: reading the documentation for CI3 , for the encryption lib, it mentions it requires openssl and/or mcrypt.

Exactly, it requires external libraries on your web server. Those are not part of CodeIgniter so there's nothing to fix in CI. You need to make sure your server run the latest version of OpenSSL (or at least the one with the bug fixed).


RE: Potential Major Security Problem in the Encryption lib's (IE: Heartbleed Bug) - Hobbes - 12-14-2014

Thanks hate. I will check with my server techs and make sure we have the fixed version of openssl.

I just wanted to make sure is all. Thanks for the info