Thread Rating:
  • 1 Vote(s) - 5 Average
  • 1
  • 2
  • 3
  • 4
  • 5
AutoMod Mods wish list
#11
The only thing is that with that, its an extra step every time I release a package and no one will be modifying files on the THT website in a bad way. Everyone here has the end user's best interest in mind or we wouldn't have built the projects in the first place. So, I can assure you that no one has alternative motives when it comes to file releases and those who might have alternative motives, do not have access to other peoples' files to modify them. I can't rule out hacking attempts, but if someone is hacking the forums, they'll just as likely replace the sha256 or MD5 hash code for the file they are targeting as well. This way people won't get thrown off by the hash being wrong.

Also, if you're concerned about security, you could extract it and use Notepad++ to search the files for things like http://, https://, and cURL and other things involved in server callbacks. If you try to phish for people's information, you need to post that information off-site somehow, so you'd use callbacks most likely so the interface always looks the same. This means you'd do things like cURL or fsockopen or the like. Also, scan for ioncube, zend, or other encryption methods so you can see if they encrypted a file to prevent you from seeing the callback.
---
See my GitHub at https://github.com/cozylife
Reply
#12
Hello,

I understand but never the less, I still would like THT staff members to at least consider this as possible option on their official builds. At least since Kevin has mentioned to incorporate allot of your ideas. I don't believe I'm too concerned about THT being malicious or you. I don't have any reason to doubt at this point Smile. However, I can securely host it and MD5 and/or SHA256 as this can add credibility and trust Smile The modules on the other hand could have their own disclaimer to use at your own risk. Security is the utmost priority to me and my clients. So yeah, it's very very very important. I really really love this idea http://code.google.com/p/thehostingtool/...tail?id=18, this would make it possible to collect less personal data and limit the risks and liability to me.
Reply
#13
(04-08-2012, 11:02 AM)bombshellz Wrote: Hello,

I understand but never the less, I still would like THT staff members to at least consider this as possible option on their official builds. At least since Kevin has mentioned to incorporate allot of your ideas. I don't believe I'm too concerned about THT being malicious or you. I don't have any reason to doubt at this point Smile. However, I can securely host it and MD5 and/or SHA256 as this can add credibility and trust Smile The modules on the other hand could have their own disclaimer to use at your own risk. Security is the utmost priority to me and my clients. So yeah, it's very very very important. I really really love this idea http://code.google.com/p/thehostingtool/...tail?id=18, this would make it possible to collect less personal data and limit the risks and liability to me.

If you'd like to run everything through an MD5 tool, then send me the results, I'll post the hashes on my modules and releases and when I update them, I'll pull the hash down until I get a new one. =)

My post on that Google Code thread:
This could be a security liability. The name and address information and telephone number are there in case something happens like a police investigation. If they need to track someone down, it could aid the investigation if they have possible valid information. It could hurt you in the long run if you host someone without knowing whom you're hosting. That being said, be careful with your service so you don't have security liabilities.
---
See my GitHub at https://github.com/cozylife
Reply
#14
Hello,

If that's what you want, I need something more secure than forum?
Reply
#15
(04-08-2012, 10:09 PM)bombshellz Wrote: Hello,

If that's what you want, I need something more secure than forum?

PM me. Wink
---
See my GitHub at https://github.com/cozylife
Reply
#16
Quote:My post on that Google Code thread:
This could be a security liability. The name and address information and telephone number are there in case something happens like a police investigation. If they need to track someone down, it could aid the investigation if they have possible valid information. It could hurt you in the long run if you host someone without knowing whom you're hosting. That being said, be careful with your service so you don't have security liabilities.

Without verifying that information against the Debit/Credit company.... Anyone can supply false information
Reply
#17
True. That's why I said it could be possible good information.
---
See my GitHub at https://github.com/cozylife
Reply
#18
Hello LightworkerNaven...

I like your work and dedication to THT. I am quite new to this script. I have noticed that it only allows PayPal. Can we implement Google Checkout in some way? If so, would it be something reasonably simple to achieve?

I am unable to use PayPal and in desperate need for a Google Checkout module. To help in anyway, I'd love to help in getting it up made, but I am not as knowledgeable with code as it seems you are.

I look forward to your reply.

Many thanks,
Harrie Lambert
Reply
#19
I ll request for a Plugin for AdminCP "Login to clients accounts."
This ll be used by Admin to login to any client account from AdminCP.
HostingDream - Free Shared and Reseller Cloud Hosting Offers
█ Shared | Reseller | Cloud Server | Cloud Linux |
Reply
#20
(09-21-2012, 08:04 AM)Fakher Wrote: I ll request for a Plugin for AdminCP "Login to clients accounts."
This ll be used by Admin to login to any client account from AdminCP.

For why you need login to client account?
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)