[Phpwebsite-developers] Security Alerts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Here's another one to be batted around.

I'd like to see a registry of all sites using phpWebsite. The registry 
would include contact information for the proprietor and whether the site 
should be listed in a public directory of phpWebsites or not.

One purpose of the registry would be so that when security issues are 
discovered, an alert can be sent to registered sites a day or two before 
the security issue is published publicly on phpwebsite.appstate.edu.

If this is done by a module in phpWebsite that receives the information and 
then emails it to the proprietor, only active websites would receive the 
alert. This would prevent anyone from registering just to get the security 
updates. (They'd at least have to have a running phpWebSite).

Theoretically, this gives phpWebSite proprietors an opportunity to fix 
their sites BEFORE the security breach is made public. I'm pretty sure that 
two of my sites were defaced because the person who did the dirty deed 
found out about the breach by reading about it on phpwebsite.appstate.edu 
before I did.

I realize that there are hacker sites, etc. that publish this stuff and 
which we have no control. However, just making sure that all registered 
sites are alerted as quickly as possible would be a big help.

I discussed this with Brian Brown months ago and his take was "something 
like that would be great but, I'm not sure that it is workable."

By the way, a counter could be incorporated so that we could say 
"phpWebSite now has 876,477 active sites."

So, having worked through this, here's my suggestion for a registration module:

Registration module would:

Allow admin to register site with the phpWebSite registry.

Specify whether or not site will be listed in the public directory at 
phpwebsite.appstate.edu.

Allow admin to receive notification of updates to phpWebSite and to modules.

Allow admin to receive communications from phpwebsite.appstate.edu such as 
security alerts (admin specifies an email address. The website receives the 
communication and forwards it to the email address. That way, if the site 
is no longer running, or, no longer using phpwebsite, the message doesn't 
go to that person.)

Maintain a count of all phpWebsites.

Maintain a public directory of all phpWebSites that want to be listed.

Geoff