Kirby 2.3 show files in my directory?

I absolutely agree with @lukasbestle

1 Like

@lukasbestle @texnixe

Also note that you can’t reliably detect every possible security issue.

And I totally agree with this and therefore I don’t think it’s a task for the Kirby crew to do it. It would be a never-ending story and you would get far away from the main project.

If a third-party plugin could just indicate that something is not right, kind of like a reminder, would that not be a good thing?

Anyway, sometimes I just can’t hold back from trying something out, so here is yet another proof of concept…

Security checklist

Download: https://github.com/jenstornell/kirby-security-checklist

So far I only test two quite important things (from my point of view).

Possible future evolvement:

  • Move it from the widget to a custom panel page if it would be possible in a future version of the Panel.
  • Some kind of caching. Now it works fast but with more checks it will probably not.
  • More checks.

So @lukasbestle and @texnixe, what do you think? Shhh, don’t tell me, I already know, you hate it. :wink: I just hope you don’t look like this right now. :rage: I hope you look more like this: :heart_eyes:

1 Like

No. I learned a life lesson: Never even start something if you already know that it will never be complete (at least if the “something” is code).
I like that your proof of concept has a warning at the top, but who reads warnings anyway? Of those who do, some will ignore it as they don’t realize how true it is. They will be thinking “how bad can it be, there can’t be much missing from the checklist”.

Don’t get me wrong: Helping people fix some security issues is a good thing, but not if it’s not absolutely absolutely clear that users can’t feel safe if they are using such a plugin.
I’m pretty sure a lot of people will read over the “proof of concept” and think it’s an already finished plugin. Promising security to people can be really dangerous.

1 Like

Jens, it’s not a question of hating anything, you are not Donald Trump. It’s just a question of finding things useful or not.

2 Likes

Tonald Drump :joy:

On a serious note. I agree with you higher ups on the fact there are too many security variables when concerning things you cannot control. However, with that said, as someone who isn’t exactly up to par with many of you Kirby experts :grinning: Having something in the docs would be helpful. For the record, just so someone doesn’t come on here thinking I was being lazy. I read the docs, searched the forum then proceeded to ask.

@lance1572 I never thought you were lazy and have added a new paragraph to the security docs (needs to be deployed, yet). We still have to move it somewhere else, because the security section should not be hidden in the developer docs, I think.

1 Like

Thank you for taking that time to add that and also the discussion of the others as well. It helps to know and get a handle on what things are doable and others that are not. This situation is more gray as some have their hosting already locked down and some don’t. Good learning experience!! I was just putting that out there just in case. I didn’t think you were thinking that. :smiley:

1 Like

Even if something is in the docs, in many cases we can’t really blame people for not finding it, because if you are new to something, you often don’t even know what you are looking for.

1 Like

@lukasbestle

I learned a life lesson: Never even start something if you already know that it will never be complete

So, when will Kirby be complete? :wink: Just kidding, I know what you mean. :slight_smile:

who reads warnings anyway? Of those who do, some will ignore it as they don’t realize how true it is.

I could not say this better than @texnixe and I quote…

But honestly, people should read the docs. I think there is a certain responsibility you simply have as a developer, especially when doing client work.

@texnixe

you are not Donald Trump

Last time I checked I was not. :smiley: But who knows, maybe I’m full of alternative facts. :wink:

Anyway, if I find my proof of concept plugin useful on my own sites and if more people are interested in it, then I might continue to build on it, else I’ll probably just leave it here as a concept. Nice to see that you have some docs adjustments in the pipe. I think it will help a lot.

Nice creative discussion. :green_heart:

1 Like

Did you use one of your plugins? Was it up to date? No false negatives, I hope :stuck_out_tongue_winking_eye:

Instead of a checklist for it I use a Swedish mirror app to see what I am and what I look like. It seems to be up to date. :wink:

1 Like