Making Joomla more secured-Joomla Core+3rd Party Extentions

xeont · Post by **xeont** » Sun Jun 08, 2014 3:14 am

By going through this forum,

Most of the Joomla Websites facing security treats due to 3rd Party Joomla Extensions or Plugins.

I was wondering,

Is there anyway we can build a Joomla Core with better filtering system for these 3rd Party Joomla Extention and Plugin developers to use. Other than we depend on these 3rd Party developer to use better coding to filter user inputs and SQL queries.

For an example,

When a developer, developing a new extension or a plugin, all he/she have to do it call a php public class from Joomla Core to take care of all user inputs and SQL Queries.

Just an idea. Don't know if this is possible!

Any Professional Ideas?

NathanHawks · Post by **NathanHawks** » Sun Jun 08, 2014 5:09 pm

That's already been present for a very long time. Not every extension programmer cares to learn the API completely when they already know ways to accomplish the task at hand.

Add to that the fact that some extensions are stand-alone and then are ported to Joomla, and those programmers feel even less urge to fully port it into Joomla's API.

But, yeah, this has been one of the whole points of Joomla's existence since the beginning.

There are even foolproof tutorials: JInput, JDatabase

xeont · Post by **xeont** » Sun Jun 08, 2014 8:22 pm

Thank you for your reply NathanHawks

Then Joomla should force JED Extension and Plugin developers to use this API.

What are the Crons we have when using this API?

NathanHawks · Post by **NathanHawks** » Sun Jun 08, 2014 8:44 pm

In my opinion, actually, I agree - it would be better for everyone's security if low-level calls always benefited from core security updates.

I know of no down-sides to the API.

xeont · Post by **xeont** » Sun Jun 08, 2014 9:03 pm

More secure, more popular Joomla will get.

I'm not sure why the JED doesn't force developers to user this API.

Would be much better than removing Extension or Plugin once the venerability is discovered.

alikon · Post by **alikon** » Fri Jun 13, 2014 5:05 am

Bad code pratice could be done even using API so using API is not an insurance of non vulnerable code

sakiss · Post by **sakiss** » Fri Jun 27, 2014 2:38 pm

The usage of the API is a choice not an obligation.

In my opinion the developer should be completely free to develop his extension according to his own design plan and joomla should be even more flexible to accept such diversities.

Vimes · Post by **Vimes** » Mon Jun 30, 2014 11:03 am

sakiss wrote:The usage of the API is a choice not an obligation.

In my opinion the developer should be completely free to develop his extension according to his own design plan and joomla should be even more flexible to accept such diversities.

Agreed.

The Joomla! Forum™

Making Joomla more secured-Joomla Core+3rd Party Extentions

Making Joomla more secured-Joomla Core+3rd Party Extentions

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti

Re: Making Joomla more secured-Joomla Core+3rd Party Extenti