As a third-party developer, you do not have to use the normal Joomla!
access control. If you choose to use a custom access control system and the Joomla!
MVC, you may want to consider overriding the authorize() method in your
JController subclasses.
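One way such an override can look in a Joomla! 1.5 component, as an added example that is not code from the book or from Joomla! itself. The class name, the permission strings and the #__example_permissions table are hypothetical stand-ins for the custom access control system; the sketch relies on JController::execute() calling authorize() with the resolved task and raising a 403 error when it returns false.

```php
<?php
// Added example: deny-by-default authorize() override for a custom ACL.
defined('_JEXEC') or die('Restricted access');

jimport('joomla.application.component.controller');

class ExampleController extends JController
{
    // Hypothetical custom rules: task => permission the user must hold.
    // A task that is missing from this map is refused.
    var $_taskPermissions = array(
        'display' => 'example.view',
        'edit'    => 'example.edit',
        'save'    => 'example.edit',
        'remove'  => 'example.delete',
    );

    // Replaces the default check, which defers to the normal Joomla!
    // access control, with a lookup in the custom system.
    function authorize($task)
    {
        $task = strtolower($task);
        if (!isset($this->_taskPermissions[$task])) {
            return false; // unknown task: deny by default
        }

        $user = JFactory::getUser();
        if ($user->get('guest')) {
            return false; // anonymous visitors never pass in this example
        }

        return $this->_userHasPermission(
            (int) $user->get('id'),
            $this->_taskPermissions[$task]
        );
    }

    // Stand-in for the custom access control system (assumption): reads a
    // hypothetical table #__example_permissions(user_id, permission).
    function _userHasPermission($userId, $permission)
    {
        $db = JFactory::getDBO();
        $db->setQuery('SELECT COUNT(*) FROM #__example_permissions'
            . ' WHERE user_id = ' . (int) $userId
            . ' AND permission = ' . $db->Quote($permission));

        return (int) $db->loadResult() > 0;
    }
}
```

Because the check lives in authorize(), every task dispatched through execute() is covered, including tasks added later that nobody remembered to list.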
Attacks
Whether or not we like to think about it, there is always the potential threat of an
attacker gaining access to our Joomla! websites. The most common way in which
security is breached in Joomla! is through third-party extension security flaws.
Due to the number of extensions that have security defects, there is an official list
of extensions that are considered insecure, available in the FAQ sections at
http://help.joomla.org.
It is very important that, as third-party extension developers, we take great care in
making our extensions as secure as we can. In this section we will investigate some
of the more common forms of attack and how we can prevent them from affecting
our extensions. We will also look at how we can deal with users whom we
believe to be attackers.