Leaderboard

I was actually just working on my email templates..

This belongs to CORE-621. No official ETA, but it is planned. You can use HTML, but no pre-selection of templates or a super robust interface like Campaign Monitor or Mailchimp. (We actually recommend these guys for mass email marketing, they have nice analytics)

We hope to have something for you to test pretty soon Dave. We will be reporting our security finds through the proper channels, in the proper way. I can only imagine what we would find if we were performing an actual security audit, and not just stumbling around like a normal user. We are extremely grateful when we are contacted privately about possible security issues in our software.

I like the way Steven from Rack911 handles these. He contacts the vendor first and gives them ample time and opportunity to fix the problem. If the exploit is severe and the vendor's response is "meh", he'll then post about it on WHT. He won't post the exploit steps or where the exploit resides, but he'll make everyone aware that critical vulnerabilities were uncovered, that the vendor was contacted on xx/xx/xx, and that their response was "meh". In the meantime, do keep working on the import module. Lots of us are eagerly awaiting an import module for our current billing system.

It's almost annoying how vulnerabilities jump out at him. I could hear gasps of shock at my desk as he went through it.

The ability to add custom links to the client navigation bar without diving into the code would be a good addition. For example, if you have a support system (Kayako et. al) that you need to link to, or a forum etc.

We're working on getting an importer working for a certain billing solution, so with the intent of adding data into the system I reluctantly log in. I get about two clicks in when suddenly, my pupils dilate, my palms get sweaty, and I begin to salivate uncontrolably. I've only been logged in for a few brief moments and already I've stumbled upon an exploit. I'm thinking, "Okay, that was easy." But I've got work to do. We need to get some test data in there so we can verify the importer. Click, click... vulnerability. Click, vulnerability, click, click, vulnerability, vulnerability, vulnerability. Seriously? A few hours of inputing data and I've discovered more than a dozen vulnerabilities, without looking. No doubt there are many more. They range from mildly amuzing, to "OH $*&! Restore backup!". How do you think we should handle this situation?* *Obviously we'll be disclosing these vulnerabilities to the proper channels... in due time.

That's how it's done today.

i think you can go with client custom field . as the fields are need just for a record . not useed in any marchent or non marchent gateay . all the operation should be done via the bank .

We get brush fires often, especially in this summer heat. But these are usually in the hills where homes are not lined up in rows, like in the cities. Being in a city, the threat of a fire is nil, and extends mostly to whether you left your stove on or not. But either way, the fire departments get on them so fast there really isn't much to worry about.

I believe Paul was referring to Payment Accounts in Blesta, as they do not save payment account details for Nonmerchant Gateways. And as Paul mentioned, it would be helpful to us to see documentation from gateways that accept these fields.

Module integrated with those services could be a nice option.

Blesta can do better haha

It would be nice if when emailing a client we had the option to select a template to send the client. This came in handy when using our old billing system.

Would you be so kind to share with us what kind of exploits? The technical people around here enjoy this kind of stuff. Perhaps not exactly what or where (or which competitor) but at least the type of exploit? SQL injections, privilege escalation, simply flawed beyond repair?

I'm all for the link idea. I think its great. In fact it would be awesome if the menu was set up like a custom menu in WordPress, theirs is the best I have seen!

Went smooth! At what point are we going to be able to do the updates from within Blesta itself. At the moment, it is a bit of a pain as you have to be logged in, download the patch/package, upload it to the server, unzip, then run install. Can't wait until I can do this all from within Blesta itself and thus save a lot of time.

Nonmerchant gateways do not save any payment details in Payment Accounts, like merchant gateways do credit card and bank details. What gateways currently request these additional fields? If they have API documentation we can look at, it would be helpful.

To edit the host file just incase you don't know how to do this, you go to /windows/system32/drivers/etc/ and then drag + Shift it to your desktop, then right click it and open it in notepad. When your finished editting save it, and drag it back into the folder and overwrite it. Job done .