MarcoFR/Ackbar:

I've noticed this group, and think it's a great project. Unfortunatly they are so fresh, that their site doesn't contain much info.

In some ways intersting, I found this link they provided to the PHP Manual Security pages, which displays the main problem with security and app development: [the developer! Meaning, one can provide the best information, and still people wont implement, what has been pointed out.

DonXoops:

And yes, no matter what we will be doing to the core, the vulnerability is with 3'rd party modules. Especially as people like myself, use XOOPS as means to teach themselves web application development skills.


Thankfully, two new XOOPS projects (at least this is the impression I have), will most likely assist us with this problem (eleviating most of the need for luck; we still need it though, to get the people together to take care of the accompaning workload ):
- Security Group
- Quality Control

To keep up a positivist attitude, I believe there are a couple of other things we could do.

1) on dev.xoops.org wiki, have a page dedicated to "basic security measures" when developing, such as checking all input, never to use "Globals On", etc..., with a link placed amongst all those other "Manuals"

2) have a special forum on dev.xoops.org dedicated to security questions ("hey guys, could you look at this code, and point out any possible security risks?" "Ahh, this might be an offender" "Why" "well....." -> discussion)


Too often do dev's believe, thought once about security, job done. Reality suggests, that checking security is an ongoing issue, which is difficult to implement as dev, as our interest lays first with getting a certain task done, then we worry about how it looks and works, the period at which thoughts regarding security usually/might kick in.

There is no 100% security, but there is 100% security awareness, which we should strive for. And judging by this thread, we are on the right path

Quote:
We plan on doing that for the next major version of XOOPS. A list of general measures to take as well as how to sanitize tainted data prior to database insertion, how to sanitize it for display and how to sanitize it for editing in forms
Quote:
We have that already. Only for developers with projects on the site, though, as we don't want vulnerabilities to be discussed in a publicly viewable forum.

Mithrandir you are my hero XOOPS is great but we really need some of the theme designers from php nuke there amazing!

Have you looked at any themes by 7dana, StudioC, Incarma, Draven or any other of the other top designers? Personally I've never seen a Nuke theme that has left me gob smacked, they look good, but a tad dated for my tastes.

All comes down to expectations. What you may think is a great theme, others wont, and vice versa.

We are in the process of developing a XOOPS Theme Forge (which is a lot of work, and not many people contributing), that does have the aim to attract more Theme Designers, as well as offer a place for those interested to organize themselves, as well as their project.

Further (the biggest work load), we will offer an extensive resource collection for anything XOOPS Theme related. There will be an Icon, Image, and Template Repository, tutorials concerning different aspects of XOOPS Theme design, a web guide to sites, we Theme Forge developers find/found to especially helpfull.

You know dilliywilly7, the big problem those people that contribute experience, is the lack of help from others. Here at xoops.org I often feel surrounded by 5 year old "I want, I want, I want, NOW!" (not directed at you!).

Having said that. Developing a theme is currently very work intensive, and unfortunaly, while many business like to use XOOPS and come here asking for help, the fewest contribute!!! A big annoyance to me personaly, but that's just the way life is.

@brash: I agree And thanks for pointing this out, these people deserve the credit...all though, as you mentioned, there are a couple more, but I'm so bad when it comes to name

Quote:

Thanks Brash,

Allairis.com offers professional custom theme development for Xoops, but at a cost. Please feel free to contact me if you are looking for a more professional theme. Much more than what you see on average here is possible with Xoops, just not for free.

Have a look at http://www.fantasybaseball.com. This site is still under development but utilizes a lot of the unique features of XOOPS and shows what it's caspable of.

AHH I can't delete the post

Sorry about this

okay everybody now that this debate is over lets all endevour to further xoops

lets all just be friends

Lets talk about what we can do to make these themes better and more appealing to everyone.

Quote:

OK, but how about starting a new thread about themes if that is what you want?

Back on topic...
After reading this thread I've determined for myself that XOOPS is NOT on crack. I'm pretty sure about that. For me that closes this one. (that doesn't mean that all XOOPS users aren't on crack, the code is fine {core})


"The thread fell down but keeps getting up..."