• Our team is looking to connect with folks who use email services provided by Plesk, or a premium service. If you'd like to be part of the discovery process and share your experiences, we invite you to complete this short screening survey. If your responses match the persona we are looking for, you'll receive a link to schedule a call at your convenience. We look forward to hearing from you!
  • The BIND DNS server has already been deprecated and removed from Plesk for Windows.
    If a Plesk for Windows server is still using BIND, the upgrade to Plesk Obsidian 18.0.70 will be unavailable until the administrator switches the DNS server to Microsoft DNS. We strongly recommend transitioning to Microsoft DNS within the next 6 weeks, before the Plesk 18.0.70 release.
  • The Horde component is removed from Plesk Installer. We recommend switching to another webmail software supported in Plesk.

Plesk and security

Linulex

Linulex

Silver Pleskian
Can anyone tell me the security policy of Plesk?

In the app vault i still see Postnuke 0.761a while the official stable release on the postnuke site is 0.764.

This would no be all to bad if the new version was very young and Plesk did not had time yet to implement it. BUT Postnuke 0.764 was released on 20 november 2006 (yes, thats a six)

http://noc.postnuke.com/frs/?group_id=5&release_id=700

I am sure i can find lots of examples like this.

A new feature of the app vault was the ability to update installed scripts, but to my surprice even the manual on how to create app vault rpm's is vanished.

Regards
Jan
 
Linulex said:
Can anyone tell me the security policy of Plesk?

In the app vault i still see Postnuke 0.761a while the official stable release on the postnuke site is 0.764.

This would no be all to bad if the new version was very young and Plesk did not had time yet to implement it. BUT Postnuke 0.764 was released on 20 november 2006 (yes, thats a six)

http://noc.postnuke.com/frs/?group_id=5&release_id=700

I am sure i can find lots of examples like this.

A new feature of the app vault was the ability to update installed scripts, but to my surprice even the manual on how to create app vault rpm's is vanished.

Regards
Jan
Click to expand...

I agree with you in this matter.
 
ideasmultiples said:
Check http://www.apsstandard.com/doc/
Click to expand...

What has this Parrallels self-invented standard to do with the fact that i get a 2 year old security bug infested script packed with my payed-for-software ?????

SaaS is the new hype buzzword that doesnt even apply here. It means running software that used to run on the users pc, now is running at a server in a noc en rented by the month/hour/use/whatever.
How can this even remotely apply to a script that is GPL and was programmed from code sentence 1 to run on a server ????
 
They use that packaging standard to create teh application "packages" in app vault - so if you want to ugprade the packages you would follow the guidelines provided there and then install it into plesk.
 
HostingGuy said:
They use that packaging standard to create teh application "packages" in app vault - so if you want to ugprade the packages you would follow the guidelines provided there and then install it into plesk.
Click to expand...

I dont agree. Plesk is not open source, neither GPLed.
It is software i pay for so i expect it has the latest/stable/secure version of an included package at the time that plesk version is released.

After all, what is the point in paying someone for something and then have to do it yourself????

Unless i have looked over it there is no documentation and/or example on how to create the rpm's in order to install it in plesk.
 
There are docs on creating app vault rpms here: http://swdn.swsoft.com/en/library/plesk/

And lots of Plesk parts use open source licenses (courier, horde, etc). The GUI itself is not, but it does have an API to get into (documented at the same link above).

I agree though, if you're going to charge someone for a package, you should maintain it.
 
Linulex said:
Can anyone tell me the security policy of Plesk?

In the app vault i still see Postnuke 0.761a while the official stable release on the postnuke site is 0.764.

This would no be all to bad if the new version was very young and Plesk did not had time yet to implement it. BUT Postnuke 0.764 was released on 20 november 2006 (yes, thats a six)

http://noc.postnuke.com/frs/?group_id=5&release_id=700

I am sure i can find lots of examples like this.

A new feature of the app vault was the ability to update installed scripts, but to my surprice even the manual on how to create app vault rpm's is vanished.

Regards
Jan
Click to expand...

There is also an old version of WebCalendar with a very large security hole. They also have the updated version - go figure. I've blocked the old version from download by clients.
 
Linulex said:
I was under the impression that the app vault structure changed in 8.3 to the one at www.appstandard.com in order to allow installed scripts to be updated. In the swdn the latest is for 8.2, is this still vallid? If so, my problems are solved.
Click to expand...

Thanks for that link i have never seen that site before now.

Why is parallels packaging old version with new especially when some are known to have bug and security issues? Maybe because of skin and template compatibility or maybe just to advertise they have over 90 packages to lure us. Whichever one it is i would rather have a secured application running on my Server.
FIX IT parallels
 
You must log in or register to reply here.

Similar threads

AYamshanov
Important New Plesk webmail / SOGo Webmail extension
8 9 10
Replies
186
Views
61K
AubsUK
A
korsar
Important Keep your Plesk server up-to-date to have it secure and features complete
Replies
2
Views
11K
IvanV
I
C
WordCamp Cologne 2017: A Special Plesk Recap
Replies
0
Views
2K
Carole Olinger
C
J
Plesk Onyx – Designed for Vultr.com
Replies
0
Views
3K
Joerg Strotmann
J
J
Plesk Onyx – Designed for Vultr.com
Replies
0
Views
3K
joerg
J
Back
Top