Gesior or Modern AAC?

[arturhaddad]

Yeaaaah, I know Modern AAC is told to be safer

I've worked with it for a long time, but I always faced some bugs, and it seems there are a lot of security fixes to be done, etc

A friend of mine uses Gesior, he said that with the recent updates and security glitches it is very good to use, and I've seen that many great servers still uses Gesior, and I wanna know if I patch my Gesior website with the security codes, it would be relatively "safe"?

Or shouldn't I use Gesior anyway? A good reason? Great security breaches still open, even with the security patches?

Thanks!!!!

 

[Pietia]

I have almost never applied security patch to gesior (except pot issue) which I downloaded from orginal author but keep in mind to not use powergamers an external scripts from gesior(sql injection issue) and nginx (guild bugs with PHP config of nginx) ofc if you fix or ask for fix you can use it.
Also there is problem with polish shop system but that's player-abuse thing not really related to security
Probably I forgot about sth but anyway I stick with gesior since I have saw in modern acc svn log like this News - ModernAAC security issue, found and fixed..

Keep in mind that modern is not mostly used by the community and it's still being tested concerning security issues while gesior is mostly is already tested by many people and vulnerable things were already posted in forum...
Also make sure that you do not use any pool system or new house system without first looking at comments since I saw problems with that about SQL injections or even dir access.
If you are unsure you can always use things like chroot on linux or in windows ModSecurity Blog: Jailing Apache On Windows
NOBODY IS SAFE

 

[Paxton]

Let's look at this from different point of view.

Difference between Modern and Gesior is that even if Modern has security issues, they can be spotted out because code can be actually readable and everything got it's own logical place. (At least v2 which seems to be extremely safe).

Now if you look at Gesior, you don't know where your $_POST data went through and while developing on Gesior you have to think about security while on Modern the system does it for you, and provides you with safe data which you put into functions that makes it even more safe.

--

Modern v2 has completely different point of security, first of all like I said you can read and understand the code. In Modern v2 no sql is being written, so no worries about SQL injections. Now, if someones spots an error in new Modern it can be easily fixed, while in Gesior it cannot be, because that would mean endless hours of trying to find the right code.

If you read my signature, I do admit there are PROBABLY security issues with Modern v1 but I don't know any. I came up with this conclusion by comparing Modern v1 to Modern v2 and te difference between systems are huge.

Modern AAC was safe for 7 months now I believe, and I've never actually spotted any security issue with it, I know there were few but I didn't notice any harm.

It's up to you what you would like to use, I personally believe that v2 will be unbeatable and not because of 'no ways of hacking' because nothing is perfect and I'm sure there will be always something found, but because of the code of v2 which allows it to easy patch things and fix them up, even for a noob user, everything seems to be extremely logical which I'm afraid is not in Gesior AAC, and I repeat I'm not saying that Modern is better or something, but there are different factors which is better at which makes it more secure. It's not really about how many times who has been hacked. It's about how fast and secure you fixed the problem. There is nothing such perfect software, everything needs it's time to be spotted, Gesior is very popular because is old, Modern AAC is still quite a new system which people didn't get used to it. Hopefully it will change when we will bring v2 with rewritten code.