xoops forums

JasonMR

Just can't stay away
Posted on: 2005/2/9 22:25
JasonMR
JasonMR (Show more)
Just can't stay away
Posts: 655
Since: 2004/6/21
#131

Re: XOOPS 2.0.10

MarcoFR/Ackbar:

I've noticed this group, and think it's a great project. Unfortunatly they are so fresh, that their site doesn't contain much info.

In some ways intersting, I found this link they provided to the PHP Manual Security pages, which displays the main problem with security and app development: [the developer! Meaning, one can provide the best information, and still people wont implement, what has been pointed out.

DonXoops:

And yes, no matter what we will be doing to the core, the vulnerability is with 3'rd party modules. Especially as people like myself, use XOOPS as means to teach themselves web application development skills.


Thankfully, two new XOOPS projects (at least this is the impression I have), will most likely assist us with this problem (eleviating most of the need for luck; we still need it though, to get the people together to take care of the accompaning workload ):
- Security Group
- Quality Control

To keep up a positivist attitude, I believe there are a couple of other things we could do.

1) on dev.xoops.org wiki, have a page dedicated to "basic security measures" when developing, such as checking all input, never to use "Globals On", etc..., with a link placed amongst all those other "Manuals"

2) have a special forum on dev.xoops.org dedicated to security questions ("hey guys, could you look at this code, and point out any possible security risks?" "Ahh, this might be an offender" "Why" "well....." -> discussion)


Too often do dev's believe, thought once about security, job done. Reality suggests, that checking security is an ongoing issue, which is difficult to implement as dev, as our interest lays first with getting a certain task done, then we worry about how it looks and works, the period at which thoughts regarding security usually/might kick in.

There is no 100% security, but there is 100% security awareness, which we should strive for. And judging by this thread, we are on the right path

Mithrandir

XOOPS is my life!
Posted on: 2005/2/9 22:59
Mithrandir
Mithrandir (Show more)
XOOPS is my life!
Posts: 6320
Since: 2003/6/21
#132

Re: XOOPS 2.0.10

Quote:
1) on dev.xoops.org wiki, have a page dedicated to "basic security measures" when developing, such as checking all input, never to use "Globals On", etc..., with a link placed amongst all those other "Manuals"

We plan on doing that for the next major version of XOOPS. A list of general measures to take as well as how to sanitize tainted data prior to database insertion, how to sanitize it for display and how to sanitize it for editing in forms
Quote:

2) have a special forum on dev.xoops.org dedicated to security questions ("hey guys, could you look at this code, and point out any possible security risks?" "Ahh, this might be an offender" "Why" "well....." -> discussion)

We have that already. Only for developers with projects on the site, though, as we don't want vulnerabilities to be discussed in a publicly viewable forum.

dillywilly7

Just popping in
Posted on: 2005/2/24 22:36
dillywilly7
dillywilly7 (Show more)
Just popping in
Posts: 59
Since: 2005/1/20
#133

Re: XOOPS 2.0.10

Mithrandir you are my hero XOOPS is great but we really need some of the theme designers from php nuke there amazing!

brash

Friend of XOOPS
Posted on: 2005/2/24 23:02
brash
brash (Show more)
Friend of XOOPS
Posts: 2206
Since: 2003/4/10
#134

Re: Xoops On Crack?

Have you looked at any themes by 7dana, StudioC, Incarma, Draven or any other of the other top designers? Personally I've never seen a Nuke theme that has left me gob smacked, they look good, but a tad dated for my tastes.

JasonMR

Just can't stay away
Posted on: 2005/2/25 1:13
JasonMR
JasonMR (Show more)
Just can't stay away
Posts: 655
Since: 2004/6/21
#135

Re: Xoops On Crack?

All comes down to expectations. What you may think is a great theme, others wont, and vice versa.

We are in the process of developing a XOOPS Theme Forge (which is a lot of work, and not many people contributing), that does have the aim to attract more Theme Designers, as well as offer a place for those interested to organize themselves, as well as their project.

Further (the biggest work load), we will offer an extensive resource collection for anything XOOPS Theme related. There will be an Icon, Image, and Template Repository, tutorials concerning different aspects of XOOPS Theme design, a web guide to sites, we Theme Forge developers find/found to especially helpfull.

You know dilliywilly7, the big problem those people that contribute experience, is the lack of help from others. Here at xoops.org I often feel surrounded by 5 year old "I want, I want, I want, NOW!" (not directed at you!).

Having said that. Developing a theme is currently very work intensive, and unfortunaly, while many business like to use XOOPS and come here asking for help, the fewest contribute!!! A big annoyance to me personaly, but that's just the way life is.

@brash: I agree And thanks for pointing this out, these people deserve the credit...all though, as you mentioned, there are a couple more, but I'm so bad when it comes to name

Draven

Module Developer
Posted on: 2005/2/25 16:26
Draven
Draven (Show more)
Module Developer
Posts: 337
Since: 2003/5/28
#136

Re: Xoops On Crack?

Quote:

brash wrote:
Have you looked at any themes by 7dana, StudioC, Incarma, Draven or any other of the other top designers? Personally I've never seen a Nuke theme that has left me gob smacked, they look good, but a tad dated for my tastes.


Thanks Brash,

Allairis.com offers professional custom theme development for Xoops, but at a cost. Please feel free to contact me if you are looking for a more professional theme. Much more than what you see on average here is possible with Xoops, just not for free.

Have a look at http://www.fantasybaseball.com. This site is still under development but utilizes a lot of the unique features of XOOPS and shows what it's caspable of.

DoXology

Just popping in
Posted on: 2005/2/27 2:22
DoXology
DoXology (Show more)
Just popping in
Posts: 3
Since: 2005/2/27
#137

Re: Xoops On Crack?

AHH I can't delete the post

Sorry about this

Barford_02

Just popping in
Posted on: 2005/2/28 0:22
Barford_02
Barford_02 (Show more)
Just popping in
Posts: 10
Since: 2005/2/14
#138

a final end

okay everybody now that this debate is over lets all endevour to further xoops

lets all just be friends

dillywilly7

Just popping in
Posted on: 2005/3/1 1:10
dillywilly7
dillywilly7 (Show more)
Just popping in
Posts: 59
Since: 2005/1/20
#139

Re: a final end

Lets talk about what we can do to make these themes better and more appealing to everyone.
Posted on: 2005/3/1 2:50
DonXoop
DonXoop (Show more)
Posts: 1171
Since: 2003/11/27
#140

Re: a final end

Quote:

dillywilly7 wrote:
Lets talk about what we can do to make these themes better and more appealing to everyone.


OK, but how about starting a new thread about themes if that is what you want?

Back on topic...
After reading this thread I've determined for myself that XOOPS is NOT on crack. I'm pretty sure about that. For me that closes this one. (that doesn't mean that all XOOPS users aren't on crack, the code is fine {core})


"The thread fell down but keeps getting up..."