(03-23-2015, 10:44 PM)ballen Wrote: (03-23-2015, 06:24 AM)Active8 Wrote: (03-23-2015, 04:01 AM)KwiceroLTD Wrote: I'm willing to do a full code re-write for you, it'll take me a bit, on the guarantee it won't be converted back to shit-vulnerable code.
I'd like to see that... You're not the first to have said something along those lines and guess what... two years later we're still waiting!!
Ultimately people need to start putting their money where their mouth is.... everyone around here seems to have the "solutions" but no one seems to implement them or take responsibility when they believe that they have the ultimate security implementation when in reality... yeah! - Even members of the existing team, Me.B and 5050 for example both have good ideas but are they implemented yet? - I fully understand that this version of Sentora needs a complete rewrite, it was never designed to work as a *NIX panel initially... the panel code (web tier) could use some massive improvements from a software development point of view and therefore that is why I have been writing a new version, which benefits from unit testing, properly designed template engines and various other things that previously do not exist in Sentora but anyway some of the team members believe that we don't need a new version and simply cementing over the cracks in the existing version will do.... Personally I don't but hey, who am I anymore!
This project is open source - people should make complete (properly tested) pull requests and help fix the issues or, rightly so and as I've previously stated above... write a new version that is actually designed to work on *NIX rather than a hack-up of the original version designed for MS Windows to work with *NIX as I've posted in my post above.
Anyway, I've had enough of all of this shit, I have absolutely no problem in writing secure code, and yeah sometimes people make mistakes but you learn from them.... and it pisses me off to think that people are "mad at me" to think that I've only ever done what I believe was right and yeah ok, it may be my misunderstanding of all components (Linux security but yeah someone has still to explain to me why with the absence of system accounts the 777 is so bad given that we've already raised this as an issue and recommend against it as an interim solution??!!!)
This is an open-source project - people should be helping rather than just slating the project and me in general.
I suggest that the remaining team members push their ideas and take this project to higher places... I'm personally out now, I've had enough and I'm sure that in the meantime all you haters will be like "yeah great, the security n00b has gone" but hey, let's see what happens next!
I wish you all the best with the project and honestly hope that you can find the time and determination that I no longer have to turn it into something much better.
I already told you I'd do a rewrite on the condition it isn't turned into vulnerable code again, if that's what you want I'll do it. If any developers want to join me they can, but it'll be a complete, 100% rewrite of the code and design - no original ZPanel/Sentora code will be used. Proper security practices will be put in place, and I'll pay to have it audited (out of my own personal funds) upon completion by security firms.
My opinions are mine and mine alone. They do not reflect the opinions of my company, staff, and its affiliates.