Re: [Phpwebsite-developers] Security Alerts

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

+ infinity + 1

Don.

On Mon, 30 Dec 2002, Geoff Staples wrote:

> Here's another one to be batted around.
> 
> I'd like to see a registry of all sites using phpWebsite. The registry 
> would include contact information for the proprietor and whether the site 
> should be listed in a public directory of phpWebsites or not.
> 
> One purpose of the registry would be so that when security issues are 
> discovered, an alert can be sent to registered sites a day or two before 
> the security issue is published publicly on phpwebsite.appstate.edu.
> 
> If this is done by a module in phpWebsite that receives the information and 
> then emails it to the proprietor, only active websites would receive the 
> alert. This would prevent anyone from registering just to get the security 
> updates. (They'd at least have to have a running phpWebSite).
> 
> Theoretically, this gives phpWebSite proprietors an opportunity to fix 
> their sites BEFORE the security breach is made public. I'm pretty sure that 
> two of my sites were defaced because the person who did the dirty deed 
> found out about the breach by reading about it on phpwebsite.appstate.edu 
> before I did.
> 
> I realize that there are hacker sites, etc. that publish this stuff and 
> which we have no control. However, just making sure that all registered 
> sites are alerted as quickly as possible would be a big help.
> 
> I discussed this with Brian Brown months ago and his take was "something 
> like that would be great but, I'm not sure that it is workable."
> 
> By the way, a counter could be incorporated so that we could say 
> "phpWebSite now has 876,477 active sites."
> 
> So, having worked through this, here's my suggestion for a registration module:
> 
> Registration module would:
> 
> Allow admin to register site with the phpWebSite registry.
> 
> Specify whether or not site will be listed in the public directory at 
> phpwebsite.appstate.edu.
> 
> Allow admin to receive notification of updates to phpWebSite and to modules.
> 
> Allow admin to receive communications from phpwebsite.appstate.edu such as 
> security alerts (admin specifies an email address. The website receives the 
> communication and forwards it to the email address. That way, if the site 
> is no longer running, or, no longer using phpwebsite, the message doesn't 
> go to that person.)
> 
> Maintain a count of all phpWebsites.
> 
> Maintain a public directory of all phpWebSites that want to be listed.
> 
> Geoff
> 
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Phpwebsite-developers mailing list
> Php...@li...
> https://lists.sourceforge.net/lists/listinfo/phpwebsite-developers
> 
> 
> 