Advertisement:

Author Topic: Some modern security for SMF 2.1  (Read 3245 times)

Offline Chief of Nothing

  • Newbie
  • *
  • Posts: 2
Some modern security for SMF 2.1
« on: March 31, 2021, 09:30:27 AM »
Not sure where to put this so hopefully this board is the right one.

I've coded and am still working on a bunch of security features for SMF2.1 that I believe should be core features and would like to show and get some feedback from the SMF developers. Due to the nature of the borrowed bandwidth that'll be used (it's not my hosting but a freinds) unfortunately I can't just paste the webpage with the screenshots and explanations for the security features here for all and sundry (sorry everyone). As I'm new to these forums it seems I can't PM the url to any interested developer either so not sure what to do.

So far I have done the security related HTTP reponse headers (completed), Subresource Integrity (partially done, only done jQuery so far) and also DNS prefetch, which is not security but a performance thing.

Hopefully some of the relevant members will see this and respond.

Best to you all...

Offline Illori

  • Lead Support Specialist
  • SMF Legend
  • *
  • Posts: 52,908
Re: Some modern security for SMF 2.1
« Reply #1 on: March 31, 2021, 09:52:35 AM »
SMF2.1 Is on GitHub so you can just open a pr with your changes and discuss them with our developers there. Also keep in mind that this version is pretty much feature frozen so we can try our hardest to get the final version released.

Offline live627

  • Developer
  • SMF Hero
  • *
  • Posts: 5,965
  • Gender: Male
    • live627 on Facebook
    • live627 on GitHub
    • live627 on LinkedIn
    • @live627 on Twitter
    • livemods
Re: Some modern security for SMF 2.1
« Reply #2 on: March 31, 2021, 09:02:19 PM »
You could upload your changes to your on repository on GitHub

There are currently two seemingly related pull requests currently awaiting review that may conflict with your changes:       

Offline Chief of Nothing

  • Newbie
  • *
  • Posts: 2
Re: Some modern security for SMF 2.1
« Reply #3 on: April 02, 2021, 08:58:56 AM »
Thanks Illori and live627,

Looks like I'll being joining GitHub and learning Git sooner than anticipated though I doubt, given my so far limited understanding of Git terminology, that I'm ready for a PR.

Offline shawnb61

  • Developer
  • SMF Hero
  • *
  • Posts: 3,222
    • sbulen on GitHub
Re: Some modern security for SMF 2.1
« Reply #4 on: April 02, 2021, 11:57:49 AM »
This may help with the GitHub learning curve:
https://www.simplemachines.org/community/index.php?topic=576283.0
Address the process rather than the outcome.  Then, the outcome becomes more likely.   - Fripp