Simple Machines Community Forum

SMF Development => Feature Requests => Topic started by: Chief of Nothing on March 31, 2021, 09:30:27 AM

Title: Some modern security for SMF 2.1
Post by: Chief of Nothing on March 31, 2021, 09:30:27 AM
Not sure where to put this so hopefully this board is the right one.

I've coded and am still working on a bunch of security features for SMF2.1 that I believe should be core features and would like to show and get some feedback from the SMF developers. Due to the nature of the borrowed bandwidth that'll be used (it's not my hosting but a freinds) unfortunately I can't just paste the webpage with the screenshots and explanations for the security features here for all and sundry (sorry everyone). As I'm new to these forums it seems I can't PM the url to any interested developer either so not sure what to do.

So far I have done the security related HTTP reponse headers (completed), Subresource Integrity (partially done, only done jQuery so far) and also DNS prefetch, which is not security but a performance thing.

Hopefully some of the relevant members will see this and respond.

Best to you all...
Title: Re: Some modern security for SMF 2.1
Post by: Illori on March 31, 2021, 09:52:35 AM
SMF2.1 Is on GitHub so you can just open a pr with your changes and discuss them with our developers there. Also keep in mind that this version is pretty much feature frozen so we can try our hardest to get the final version released.
Title: Re: Some modern security for SMF 2.1
Post by: live627 on March 31, 2021, 09:02:19 PM
You could upload your changes to your on repository on GitHub

There are currently two seemingly related pull requests currently awaiting review that may conflict with your changes:       
Title: Re: Some modern security for SMF 2.1
Post by: Chief of Nothing on April 02, 2021, 08:58:56 AM
Thanks Illori and live627,

Looks like I'll being joining GitHub and learning Git sooner than anticipated though I doubt, given my so far limited understanding of Git terminology, that I'm ready for a PR.
Title: Re: Some modern security for SMF 2.1
Post by: shawnb61 on April 02, 2021, 11:57:49 AM
This may help with the GitHub learning curve:
https://www.simplemachines.org/community/index.php?topic=576283.0