
View Full Version : Suggestion for a new forum



logictrap
07-17-2009, 08:13 PM
What do you think about adding a forum for discussing Website Security issues?

As I do more development this seems to be a recurring issue and the people that specialize in security issues are often not the same as the web designers or developers so it might better highlight these issues.

Thanks

ckeyrouz
07-17-2009, 09:08 PM
I agree totally.
I can help in biometrics security as well.

I have done lots of work and R&D on it.

WA
07-17-2009, 09:42 PM
Hmm I wonder how many amongst us are experts in web site security though?

Apostropartheid
07-17-2009, 09:54 PM
Huh. Doesn't website security typically relate to a programming language, though? Having a specialized forum for it seems a bit excessive to me.

oracleguy
07-17-2009, 10:45 PM
Huh. Doesn't website security typically relate to a programming language, though? Having a specialized forum for it seems a bit excessive to me.

Agreed, typically the issues apply to the programming language(s) you are using as far as how to sanitize inputs, parametrize queries, etc. Any more broad topics can be discussed in the general web building forum.

bcarl314
07-17-2009, 11:23 PM
Interesting idea. I do think having something dedicated to security would be nice. And I do agree that a lot of implementations are language specific. But there are also a lot of things that web developers do without understanding the ramifications.

examples:

How to install / configure an SSL Cert
How to integrate properly with a CC Gateway
How to encrypt data
Basics of handling input and output
Filtering techniques
etc

So, I think it's a good idea, but not sure how to implement it ;)

logictrap
07-18-2009, 06:01 AM
A lot of security relates to programming, but there are also a lot of times when a site is hacked and it's not clear how it was done.

Being able to get advice from others on these types of issues would be really helpful.

Maybe setting up the forum on a trial basis would reveal whether it's useful or not.

IronManFan
07-18-2009, 03:33 PM
hi logictrap,
I certainly would like to be able to learn more about website security and preventing being hacked...
But really I just wanted to say that your signature cracks me up!

"Which came first - the chicken or the egg? The egg... [ticket closed]
If a tree falls... does it make a sound? Yes.............. [ticket closed]"

Thanks for the laugh! :thumbsup:

Millenia
07-19-2009, 09:07 AM
It's pretty much the same reason there is not more Computer and Science forums. Summing up that whole category in just 3 forums might not seem much (as has been suggested many times there be more), but not many people post there! Most people visit Codingforums for website and server related problems. Take a look at the title and see for yourself; it's pretty much targeted at those areas.


Maybe setting up the forum on a trial basis would reveal whether it's useful or not.

I think that could be the only option to see if people would use it or not.

Just my opinions.

logictrap
07-21-2009, 02:19 AM
There were a few in favor and a few not so much in favor - does it take unanimous approval to get a new forum on a trial basis?

Or do I gotta get Bruno involved? ;-)

Deacon Frost
07-21-2009, 03:09 AM
I think the idea is interesting, but like was mentioned, I don't think it would be too easy to implement. Maybe a sticky in each section of security tips, questions about security, and things like that, for each individual language, but how much could that whole forum do?

You could include things like recovering from DoS attacks, and such, and cpanel manipulation for security purposes, but a majority of that is either done in your htaccess, or in the language specified.

logictrap
07-21-2009, 06:54 AM
I don't think it would be too easy to implement.

Seriously? I would even have problems with that statement if this was a discussion board for poodle groomers...

Apostropartheid
07-21-2009, 11:50 AM
CF is not a democracy. WA has the final say. Personally, I think it wouldn't be the best idea, but a trial period is possibly prudent.

WA
07-21-2009, 08:16 PM
I'm skeptical as well whether it will create a lot of overlapping with the existing forum categories, but a trial might be worthwhile. I'll give this more thought and possibly try it out next week.

logictrap
07-21-2009, 10:34 PM
Thanks for considering it, I hope you'll give it a try.

I really didn't want to have to get Bruno (http://www.thebrunomovie.com/) involved - even though it could be very entertaining...

oracleguy
07-21-2009, 10:51 PM
I really didn't want to have to get Spookster involved - even though it could be very entertaining...

There, fixed that for you.

logictrap
07-21-2009, 11:29 PM
What (or who) is "Spookster"?

Apostropartheid
07-22-2009, 12:16 AM
How can you have been here over a year and not know who Spookster is?

Don't worry, he'll be up from his dungeon soon. His banhammer senses are twitching just about now...

Deacon Frost
07-22-2009, 02:05 AM
How can you have been here over a year and not know who Spookster is?

Don't worry, he'll be up from his dungeon soon. His banhammer senses are twitching just about now...

I heard moaning coming from downstairs... I hope his senses don't interfere with happy time :P.

RabidMango
07-23-2009, 02:36 PM
A lot of security relates to programming, but there are also a lot of times when a site is hacked and it's not clear how it was done.

Being able to get advice from others on these types of issues would be really helpful.

Maybe setting up the forum on a trial basis would reveal whether it's useful or not.

On the other hand if you take a quick peek at some of the "hacker forums" around cyberspace (and I don't recommend you do this from a piece of hardware you don't personally know to be resoundingly unhackable) encouraging people to talk too freely about hacking issues will just draw in those elements who are in it for the opposite of the right reasons.

But the mainstream books on the library shelf are full of unhelpful, often wrong and always rubbish stuff.

However, the big reason NOT to set up a security section is that it becomes a military outpost - i.e. hackers, often related to foreign military governments, or indeed created by the societies such governments breed, will see this forum as a real problem for their success-rate, and will come down hard.

But don't worry, I'm building a nice strong security company and within a year or two I'll make sure there is indeed a solid mainstream forum wide open for many people to come directly to us for free help fending off goons. I think it is ill-advised to do it any other way. You need a very serious amount of security if you want to fight the (cr)ackers on any grand scale.

I published the stuff on stackoverflow because I think it may be something that all developers need to make sure they fight against internally with pre-emptive programming methods which preclude overflows of this nature as far as possible, and that perhaps developers with more abstract minds can think about ways to detect and kill off stackoverflow attacks in a 100% reliable way - in which case a major flaw in all computing would be fixed.

But what you don't want is a site full of people looking to use stack overflow hacking to break into their school or friend's computer, or someone else, or commit a crime, and so on and so forth. Already it is very easy (if you just have a few posts detailing how a php injection works) to train 100s of people to be able to steal credit card information through the php scripts of 1000s of retail websites... is this the kind of education we want to spread far and wide? I found all that stuff on a hacker forum. Maybe you don't want to open up that front, eh? Life is very tranquil round here! Why not preserve the peace. What a great international peaceable intelligent spam-free unbileful developer zone you have here. Don't invite the hackers here. No way. I've seen them. And I am deeply ashamed of what they do.

ohgod
07-23-2009, 04:33 PM
sure, there are language specifics. but, there are also a lot of general concepts.. like preventing cross site scripting. that could be applied to most web languages.

that said, there are already a lot of articles and info out there.

i don't know how much discussion it would really generate... but i doubt it would be a lot.

remshad
09-05-2009, 09:17 PM
thanks man


