Seperate security forum...

Isn't it time to separate the security issues from the core sections? It seems it has been a large enough issue, it should have it's own forum section.

Security talk appears everywhere. It's better late than never to organize and start to put it all in one place, a separate forum section.

I got hit again, and trying to find something helpful I've already seen is a bit hard.

Possibly even point ppl to the e107security.org site, if we can't have a seperate section here.

what are you actually looking for?
most of the information is already out there but i do agree, only problem is the real security problems should be sent to a dev first and all the other info normally isn't a real security problem.

I'm a little bit lost too, are you after:

A: A forum section to discuss core security issues?
B: A forum section to discuss security issues outside of e107?

Its not a good thing to have a security forum in the open if there are exploits there.

e107 should have a place where:
1. All user can add security issues and view their own contributions
2. a group of selected VIP/Known persons/Support/Admins/Other people with long experience with e107 have access to see and discuss the issues.

But this a side, I don't think there is a real need for this.

What I see now is a lot of separate posts related to hacks, and some "Stickys" on what to do. I think if there was a separate security forum here, or a link to e107security.com, all that info would be in one place, and easier to find.

Things like sites hacked, How to recover, how to protect against it. Questions about how to, fix, recover, etc.....

I think the core should focus on the CORE, not the core and security of the core. Same with the plugins section, or e107 general discussions.

I also agree when an hole or exploit is discovered, it shouldn't be posted in here, but sent to the right email address 1st, so that they might have a little lead time in finding a solution before it runs rampant, then THEY email everyone that there's a solution, THEN we talk about it in the forums.

It's still just a little disorganized, with thread like "ZB Block", Hardening" "FLOOD Attacks" all in the core. THEN, " Access Denied", "Sanitised", etc under Installation. THEN, "ZB Block install", etc under third party, And there's more spread throughout the forums. All have security in common. The CORE should be the CORE forum.

That's all I meant. I think the sooner it's sectionalized, or doen via e107security, the better the communication will be, and the easier it will be to find the solutions (again, as in my case with my porous mind).

That's all, thanks for listenin

Something like this:

Yeah, even just a separate forum section to start.

It would(will) be nice if(when) they reorganize the joint. Like I said in other posts, it's like you step into the CEO's office (CORE), and there's not real front desk (Welcome/Help) to be seen. That's fine for people who have struggled through and got comfortable over the last 5 or so years, but for noob's it's wicked confusing.

Just a little organization of forums, and a REAL index page, with links to all things e107 would be a huge leap ahead.

Pointers in order of how they might be used.

Language/Country based sites
Reviews
Installs and upgrades
Plugins
Core
Training
Support
Lounge

It needs to be looked at from a newcomers point of view, so they can get up-to-speed fast, and start contributing.

I think with the heavy front-end of the forums, the core is the dumping ground for all posts, when it should be one of the last stops, for people who have been through the reviews, language selection, an install, the help, etc.

BUt, I've been saying it, others have been saying it, and nothing. Something that might take 2 hours to reorganize, even if more than enough are made, it's easy to consolidate. Better than having to go through and seperate.

It's aggravating as hell to know that e107 is powerful and capable enough to easily configure and do this, but it hasn't been done yet.

Just do it!!!

Gimme da damn keys, and I will do it!!! Maybe they want me to actually set it up on a TEST SITE so they can see it, cause it can't be imagined. I dunno. *shrugs*

Just my .5 cents worth (damn taxes, exchange rates and transaction fees)

While i'll agree some serious organisation needs to be done i'm not sure i agree with a seperate security forum.

If there are security issues to do with the installation of e107 then it's an installation issue.
If there are security issues to do with the e107 core then it's a core issue.

If there are security issues regarding any number of 3rd party application, including apache/lightttpd/iis then really you need to be talking to those program providers.

To give you a bad analogy it would be like complaining to a film company that the cinema you saw thier film in was bad.

Here's my bad analogy

To me, you're saying, Microsoft should supply protection for just microsoft products, Adobe, adobe products. etc. and none interact with the other, so each one should redundantly deal with the same issues. There should be no one program (place) to handle all the same, or similar issues.

If an attack affects the core, through and input, that same attack could come in through a plugin, or third party code, a hack, anyway. What if we don't know at first, then we have wasted/useless posts in some forums, related but newer in others, or the mods have to move them like musical chairs. If something is definitely wrong with the core, it will be talked about in that forum. Or the errors with a plugin, it's discussed there, but the security aspect of the problems, I think should be in one place. Easier for ALL to find, and determing similarities with others that may appear, on have already existed.

Plus, there will be security experts, and core experts, and plugin experts, and third party coders. Each should have thier own sections, and hopefully more sections will come about for people such as training experts, languages, documentation, etc. Organizing is the key to getting new people onboard and up to speed so they can begin to contribute. In this case, organizing security in one area will make it easier to find and implement the solutions, rather than people having to go through each forum, when they have no clue whether the cause is the core, or plugin, or thrird party code. I think the people that have been here can find a way to adjust to something called organization, but it would really benefit the newer people, who haven't worked this maze for the last 5 years.

I think orgainizing security is one thing that shouldn't be redundant, and it should be kept in a focused and organized area, but that's just my opinion.

We can agree to disagree

True @ Lawbringer - But there is nothing wrong in the film company advising the end user how their film would be best viewed.

(with lotsa beer and popcorn)

I have edited some of the forum descriptions which should go some way toward making things clearer to users.