Modules security // Changes

[Me.B]

Modules developers had always been part of the success of Sentora and Zpanel. 

But now we may face some changes and challenges if we want to move forward and improve sentora.

We are thinking about locking more the panel and reducing permission. 

• This would include first dropping Zsudo.
  
• Renaming zadmin (yes we can do it).
  
• Openbase_dir the whole panel!
  
• Any module file must be accessed only thru /?module=mymodule& and not tap directly files.
  
• Get all hooks outside of the panel. So the cron hooks will run in a separate container/permission.
  

I would like to get your feedback guys.

modpluz  lino69 apinto jacobg830 Diablo925 jollyjoke TGates

Also been thinking of merging some features in the core so some modules will not be needed any more.

Do you agree also if we merge your code in the core?


May we should build later a module boiler plate.

[apinto]

We are thinking about locking more the panel and reducing permission. 

• This would include first dropping Zsudo.
  
• Renaming zadmin (yes we can do it).
  
• Openbase_dir the whole panel!
  
• Get all hooks outside of the panel. So the cron hooks will run in a separate container/permission.
  

• Droping ZSudo will be good. Might mess with existing modules I think.
  
• Allowing users to create a custom username would be great, maybe even a random generator for a default username for the users who do not want to mess with it.
  
• Openbase_dir the whole panel - How are you planning to do it?
  

Do you agree also if we merge your code in the core?

Yes, I do agree. I believe everyone will agree with this.
Anyways I also think you should review all the code (yes I'm talking about my own to...   )

May we should build later a module boiler plate.

This will be amazing, and I also believe a crucial part on Module Development.

[TGates]

All sounds pretty good except for merging some modules into core. That goes against the modular design we have always tried to keep.

[Me.B]

All sounds pretty good except for merging some modules into core. That goes against the modular design we have always tried to keep.

Modular design remain the goal. But for web module. Why having a module for web forwarding? While we should already merge the main module with sub domains module.

By merging I mean enhancing the main modules. Adding an Ajax Explorer should not be the right choice. But adding more reporting like GodX would be intersting. Email quotas for example should be in the main mail modules.

Also we should normalize the core modules. So you can dump Bind module and install it back.

Would be intersting if we update later only the modules instead of the whole core. We could then release faster fixes for core modules instead of releasing the FULL core update as we do currently. I think we started thinking about it before we dropped it.

[TGates]

I see what you mean. Yeah, we had planned to work it that way.
Also include Sentastico as it is the most installed module of all time. Something to think about anyways

[Me.B]

Yep so check the above over the panel sandboxing and permissions restrictions and I think sentastico require some extra permissions.

Can we set a repos on sentora? To test for the some core modules too?

[TGates]

Yep so check the above over the panel sandboxing and permissions restrictions and I think sentastico require some extra permissions.

Can we set a repos on sentora? To test for the some core modules too?

How do you mean? We could use my server, not a problem. Or use store.sentora.org/testing or something.
We have plenty of options for a test repo.

[Me.B]

OK we could start with one or 2 modules to figure how to isolate them.

Main issue is isolating SQL code behind. We could take easy modules like news or faq that really don't impact core. Also if module upgrade alter db.

[TGates]

I'll get a test area set up, may add a live chat/voice interface also so devs can collaborate.

[Me.B]

We have slack for live chat Tom.