This forum uses cookies
This forum makes use of cookies to store your login information if you are registered, and your last visit if you are not. Cookies are small text documents stored on your computer; the cookies set by this forum can only be used on this website and pose no security risk. Cookies on this forum also track the specific topics you have read and when you last read them. Please confirm whether you accept or reject these cookies being set.

A cookie will be stored in your browser regardless of choice to prevent you being asked this question again. You will be able to change your cookie settings at any time using the link in the footer.

Modules security // Changes
#1
[Not Solved] Modules security // Changes
Modules developers had always been part of the success of Sentora and Zpanel. 

But now we may face some changes and challenges if we want to move forward and improve sentora.

We are thinking about locking more the panel and reducing permission. 
  • This would include first dropping Zsudo.
  • Renaming zadmin (yes we can do it).
  • Openbase_dir the whole panel!
  • Any module file must be accessed only thru /?module=mymodule& and not tap directly files.
  • Get all hooks outside of the panel. So the cron hooks will run in a separate container/permission.
I would like to get your feedback guys.

modpluz  lino69 apinto jacobg830 Diablo925 jollyjoke TGates

Also been thinking of merging some features in the core so some modules will not be needed any more.

Do you agree also if we merge your code in the core?


May we should build later a module boiler plate.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by: apinto
#2
[Not Solved] RE: Modules security // Changes
(02-19-2016, 01:14 AM)Me.B Wrote: We are thinking about locking more the panel and reducing permission. 
  • This would include first dropping Zsudo.
  • Renaming zadmin (yes we can do it).
  • Openbase_dir the whole panel!
  • Get all hooks outside of the panel. So the cron hooks will run in a separate container/permission.
  • Droping ZSudo will be good. Might mess with existing modules I think.
  • Allowing users to create a custom username would be great, maybe even a random generator for a default username for the users who do not want to mess with it.
  • Openbase_dir the whole panel - How are you planning to do it?

(02-19-2016, 01:14 AM)Me.B Wrote: Do you agree also if we merge your code in the core?
Yes, I do agree. I believe everyone will agree with this.
Anyways I also think you should review all the code (yes I'm talking about my own to...  Blush )

(02-19-2016, 01:14 AM)Me.B Wrote: May we should build later a module boiler plate.
This will be amazing, and I also believe a crucial part on Module Development.
My Sentora Resources
[Module] Mail Quota Count | Vagrant Box with Sentora

[Image: vanguardly-logo-micro.png]
Graphic and Web Design. Development.
www.vanguardly.com


Reply
Thanks given by:
#3
[Not Solved] RE: Modules security // Changes
All sounds pretty good except for merging some modules into core. That goes against the modular design we have always tried to keep.
Reply
Thanks given by:
#4
[Not Solved] RE: Modules security // Changes
(02-19-2016, 05:13 AM)TGates Wrote: All sounds pretty good except for merging some modules into core. That goes against the modular design we have always tried to keep.

Modular design remain the goal. But for web module. Why having a module for web forwarding? While we should already merge the main module with sub domains module.

By merging I mean enhancing the main modules. Adding an Ajax Explorer should not be the right choice. But adding more reporting like GodX would be intersting. Email quotas for example should be in the main mail modules.

Also we should normalize the core modules. So you can dump Bind module and install it back.

Would be intersting if we update later only the modules instead of the whole core. We could then release faster fixes for core modules instead of releasing the FULL core update as we do currently. I think we started thinking about it before we dropped it.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by:
#5
[Not Solved] RE: Modules security // Changes
I see what you mean. Yeah, we had planned to work it that way.
Also include Sentastico as it is the most installed module of all time. Something to think about anyways Wink
Reply
Thanks given by:
#6
[Not Solved] RE: Modules security // Changes
Yep so check the above over the panel sandboxing and permissions restrictions and I think sentastico require some extra permissions.

Can we set a repos on sentora? To test for the some core modules too?
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by:
#7
[Not Solved] RE: Modules security // Changes
(02-19-2016, 06:34 AM)Me.B Wrote: Yep so check the above over the panel sandboxing and permissions restrictions and I think sentastico require some extra permissions.

Can we set a repos on sentora? To test for the some core modules too?

How do you mean? We could use my server, not a problem. Or use store.sentora.org/testing or something.
We have plenty of options for a test repo.
Reply
Thanks given by:
#8
[Not Solved] RE: Modules security // Changes
OK we could start with one or 2 modules to figure how to isolate them.

Main issue is isolating SQL code behind. We could take easy modules like news or faq that really don't impact core. Also if module upgrade alter db.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by:
#9
[Not Solved] RE: Modules security // Changes
I'll get a test area set up, may add a live chat/voice interface also so devs can collaborate.
Reply
Thanks given by:
#10
[Not Solved] RE: Modules security // Changes
We have slack for live chat Tom.
No support using PM (Auto adding to IGNORE list!), use the forum. 
How to ask
Coldfusion Freelance

10$ free to start your VPS

Reply
Thanks given by:


Forum Jump:


Users browsing this thread: 1 Guest(s)