Making Joomla more secured-Joomla Core+3rd Party Extentions
Moderator: JED Team
-
- Joomla! Enthusiast
- Posts: 205
- Joined: Tue Sep 28, 2010 7:04 am
- Location: Melbourne, Australia
Making Joomla more secured-Joomla Core+3rd Party Extentions
By going through this forum,
Most of the Joomla Websites facing security treats due to 3rd Party Joomla Extensions or Plugins.
I was wondering,
Is there anyway we can build a Joomla Core with better filtering system for these 3rd Party Joomla Extention and Plugin developers to use. Other than we depend on these 3rd Party developer to use better coding to filter user inputs and SQL queries.
For an example,
When a developer, developing a new extension or a plugin, all he/she have to do it call a php public class from Joomla Core to take care of all user inputs and SQL Queries.
Just an idea. Don't know if this is possible!
Any Professional Ideas?
Most of the Joomla Websites facing security treats due to 3rd Party Joomla Extensions or Plugins.
I was wondering,
Is there anyway we can build a Joomla Core with better filtering system for these 3rd Party Joomla Extention and Plugin developers to use. Other than we depend on these 3rd Party developer to use better coding to filter user inputs and SQL queries.
For an example,
When a developer, developing a new extension or a plugin, all he/she have to do it call a php public class from Joomla Core to take care of all user inputs and SQL Queries.
Just an idea. Don't know if this is possible!
Any Professional Ideas?
Last edited by mandville on Sun Jun 08, 2014 11:31 pm, edited 1 time in total.
Reason: relocated topic from security 3 to JED
Reason: relocated topic from security 3 to JED
- NathanHawks
- Joomla! Ace
- Posts: 1900
- Joined: Wed Oct 02, 2013 6:17 pm
- Location: Washington state, U.S.
- Contact:
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
That's already been present for a very long time. Not every extension programmer cares to learn the API completely when they already know ways to accomplish the task at hand.
Add to that the fact that some extensions are stand-alone and then are ported to Joomla, and those programmers feel even less urge to fully port it into Joomla's API.
But, yeah, this has been one of the whole points of Joomla's existence since the beginning.
There are even foolproof tutorials: JInput, JDatabase
Add to that the fact that some extensions are stand-alone and then are ported to Joomla, and those programmers feel even less urge to fully port it into Joomla's API.
But, yeah, this has been one of the whole points of Joomla's existence since the beginning.
There are even foolproof tutorials: JInput, JDatabase
Save time - hire me for your Joomla to-do list! http://nathanhawks.us/joomla
-
- Joomla! Enthusiast
- Posts: 205
- Joined: Tue Sep 28, 2010 7:04 am
- Location: Melbourne, Australia
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
Thank you for your reply NathanHawks
Then Joomla should force JED Extension and Plugin developers to use this API.
What are the Crons we have when using this API?
Then Joomla should force JED Extension and Plugin developers to use this API.
What are the Crons we have when using this API?
- NathanHawks
- Joomla! Ace
- Posts: 1900
- Joined: Wed Oct 02, 2013 6:17 pm
- Location: Washington state, U.S.
- Contact:
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
In my opinion, actually, I agree - it would be better for everyone's security if low-level calls always benefited from core security updates.
I know of no down-sides to the API.
I know of no down-sides to the API.
Save time - hire me for your Joomla to-do list! http://nathanhawks.us/joomla
-
- Joomla! Enthusiast
- Posts: 205
- Joined: Tue Sep 28, 2010 7:04 am
- Location: Melbourne, Australia
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
More secure, more popular Joomla will get.
I'm not sure why the JED doesn't force developers to user this API.
Would be much better than removing Extension or Plugin once the venerability is discovered.
I'm not sure why the JED doesn't force developers to user this API.
Would be much better than removing Extension or Plugin once the venerability is discovered.
- alikon
- Joomla! Champion
- Posts: 5941
- Joined: Fri Aug 19, 2005 10:46 am
- Location: Roma
- Contact:
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
Bad code pratice could be done even using API so using API is not an insurance of non vulnerable code
- sakiss
- Joomla! Explorer
- Posts: 349
- Joined: Wed Aug 20, 2008 4:09 pm
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
The usage of the API is a choice not an obligation.
In my opinion the developer should be completely free to develop his extension according to his own design plan and joomla should be even more flexible to accept such diversities.
In my opinion the developer should be completely free to develop his extension according to his own design plan and joomla should be even more flexible to accept such diversities.
- Vimes
- Joomla! Ace
- Posts: 1675
- Joined: Fri Aug 19, 2005 12:14 am
- Location: United Kingdom
- Contact:
Re: Making Joomla more secured-Joomla Core+3rd Party Extenti
Agreed.sakiss wrote:The usage of the API is a choice not an obligation.
In my opinion the developer should be completely free to develop his extension according to his own design plan and joomla should be even more flexible to accept such diversities.
http://www.jomres.net THE online hotel booking and reservation system for Joomla and Wordpress.