byte[]
Philomena Contributor
@OneMoreAnonymous
Making the site software public is something I have wanted to do for a long time, but I have received pushback from other staff on the issue claiming potential security vulnerabilities being used against the site and the creation of copycat sites that could be used for phishing.
I have audited the code before and found major security issues present, which I immediately fixed. As of now there are no security issues that I am aware of, only minor bugs that are revealing of certain site internals and of sloppy coding, but do not themselves pose a risk.
The suggestion that one could use the site code to create a copycat is not outside the realm of possibility. The problem, then, is that a local copy of the site is a real pain to set up, even when using a tool like Vagrant (and without it, it’s even more fun). Probably only someone truly dedicated to setting one up would be able to do it in one go without needing to ask me for help, and the kinds of people with that dedication will phish with impunity regardless of whether they have a copy of the code.
So, until further notice, we aren’t providing the code. That said, if you would like code samples or explanations of functionality (e.g., how do you do this thing) I can readily provide you with that, as it doesn’t really pose either of these risks.