Should DA forums be member only reading?

Should DA Forums be "licensed users only"

  • Yes, close off sensitive areas to "members only"

    Votes: 16 45.7%

  • No, everything should be public

    Votes: 19 54.3%

  • I dont really care

    Votes: 0 0.0%
  • Total voters
    35
hostpc.com

hostpc.com

Verified User
Joined
Aug 2, 2003
Messages
1,071
Location
Schenectady, NY
There's been a bug in my throat for a while, and I've discussed it with several people here who are "like minded" - I think if enough of us are out there, we might be able to make a change.

On these DA forums, we discuss some pretty sensitive information sometimes. Bug reports, glitches, security issues, etc.

What I'm proposing is a "closed" forum situation.

Here's why.

1) Only licensed DA users would be able to read/post to MOST of the forums - keeping "secrets" about found exploits, etc to "ourselves" rather than letting anyone and everyone see where an issue might be - thus opening ourselves up as "targets"

2) Leave some forums (ie: sales, questions, general discussion) open to the public - it helps the "community" spirit.

3) Security issues that MIGHT arise, are kept only to licensed users who have a direct interest in DA - and thusly be able to patch or modify their servers prior to the outside world being aware of a potential vulnerability.

I mentioned this to John at one point, never heard a reply. I mentioned this to jlasman last night - and at least we had a reasonable discussion about it.

What do you think of my idea?
 
I also agree with your point of view. It's good to have a "public" forum where everyone can post questions and such but i would like to see a more closed (read it: member only) forum where we (DA license owners) could discuss bug and glitches without other "people" watch it.
 
I totally agree with you, only license owners should be able to view that kind of information. I think it would prevent a few exploits against those not yet patched and would keep information secret from those at cpanel, etc. It would also cut down on the spam =) I think it''s a great idea, hope it goes through.
 
hello;

I find that the forum should stay open, but why not create a "secure" section in the forum for sensitive information?

That is quick to do and all will be pleased no?

Sky

ps : need to add to the poll somthing like : other idea :)
 
Good idea. In the spirit of security for all.

Certain sensitive information could jeopadise all of us.

Better to base entrance into the secure section primarily on peer review, then (optionally) on license ownership.

The "Inner circle" (secure section) concept is something all sentient beings practice naturally. Trust based on the quality of relationship as it develops over time. Good will is the prime asset.

Anyone can purchase a license and exploit it. Of course anyone may gain trust and exploit it as well. However, it's easier to buy a license than to earn one's way.
 
hostpc.com said:
For those voting NO, please explain why... discussion is good, nobody's gonna jump down your throat :)
Click to expand...

I voted no because before I bought DA I came in and read the forum. I could see everything...all the warts...everything. Made it much easier to make an informed decision.


IMHO, etc...
=C=
 
I voted no, partially at least.

I believe all information should be publicly accessible. However I would like to see posting in certain forums restricted to users who do have a license. This would basically eliminate all the posts of users looking for help which their providers should really be doing for them.

This nice in theory, but JBMC will have to write integration code. Either that or get more moderators who can verify existing members and add new ones as they come in manually (which would most likely mean opening up their billing information to them). And my guess is that this is something Jeff (or any other volunteer moderators) would not look forward to.
 
Last edited:
In principle I like the idea BUT...

If I were to go back to when I was making a decision to use DA or not I guess I would have thought a bit longer if I was restricted from seeing the issues with it until after I had purchased, and I guess JMBC want to encourage new users to buy not discourage them.

So if the above issue could be handled - it could even be as simple as in the restricted forums posting a link to the versions pages - then I guess I'd be ok with that.

Maybe some users could respond that don't have licenses - that way we see an even point of view.

Rob
 
As i said, i would vote no, but its not true...
you need to add another option to the Poll like "other" ...

I agree with most most of you about leaving the forum open, but whe can just create a secure section...

Whatever... if the forum become closed, it will be hard for new users to choose DA... that is true.

Sky

ps : sry for my mistakes, i find it hard to say what i think in english being frensh :)
 
I finally voted no, but it took me more than a day to make that decision. That's because I could come up with lots of arguments both in favor of and against the idea, especially after the recent open-relay and open_basedir threads.

1. I think that having parts of the forum only accessible to users who have a DA license is a bad idea.

2. I think that having parts of the forum only accessible to registered forum users without the restriction that they also must have a valid DA license may be a good idea.

3. Having the forum open to everyone without restrictions is also fine with me.

I remember when I came here for the first time a year ago. I already had a DA server and quickly became a regular visitor. I almost always found the answers I was looking for.
But I had not registered on the forum. That came much later when in august for the first time I had to ask a question myself I couldn't find the answer to so I had to register. If options #2 above is chosen I would only then have found out that there were additional forums available that I didn't know about.

I would like to see an aditional set of forums, similar to the "Technical Discussions"-forum, but focused on security issues, something like this:

[ Server Security ]
o Operating system level security
o E-mail related security issues
o Apache/PHP related security issues
o MySQL related security issues
o Other security related issues

What I also would very much like to see is an additional form of information. A forum is a great way to store question/answer types of information. But you wouldn't use forum software to store for example wikipedia information.

The problem with any forum is, the information is there, but it isn't structured in such a way that the information is easily accessible if you look at it from a knowledgebase point of view. The "search"-option is the only option a user has to find information here. That is far from ideal if you want to read up on say "securing your server".

I realy think there is a need for an additional source of information about DA which is structured more like a wiki or knowledgebase.
 
Last edited:
sky said:
hello;

I find that the forum should stay open, but why not create a "secure" section in the forum for sensitive information?

That is quick to do and all will be pleased no?

Sky

ps : need to add to the poll somthing like : other idea :)
Click to expand...

I agree with Sky, one of the main reasons I switched over to DA or even considered it was the public forums.

If your worried about secure info, dont post it.

Circle of friends? Inner Circle ...
Bleh.. whats to stop me from paying $24 USD to get the info I want?

Im totally against the idea of closing forums to only licensed users. It gives people the impression that your hiding something.

For example I would never buy a machine from alienware for that very reason. Closed forums.. hmm makes me think what is that they dont want me to see?

I dont buy any products from any company that employ this elite closed forum tactic.
 
Last edited:
I'm not, and never have said it's a good idea to close ALL the forums... but some that reveal insecurities that should not be made public should be private, IMHO.
 
If no one knows about a security hole, no one will fix it. This puts more pressure on developers to write secure code to their best abilities.

I still see no benefit in hiding anything. But this is a hot issue that is always debated, to reveal bugs or not to. Which are better?

Both sides have compelling points, my vote is still with no.
 
If someone had melicious intent, wound't he or she simply register in this forum to read and search through this proposed secure area to search for bugs to exploit? All one needs to register is an email address.

I could see where a secure area would keep threads from being spidered by the search engines and thus allowing the public to find forums through search engine queries, that would be beneficial.

The secure method would help, but only a little as I see it.
 
Well, i have voted no, but no because there is no other option...

I like the fact that no one have voted : i dont care :)
 
Originally posted by Aspegic
I would like to see an aditional set of forums, similar to the "Technical Discussions"-forum, but focused on security issues

The problem with any forum is, the information is there, but it isn't structured in such a way that the information is easily accessible if you look at it from a knowledgebase point of view. The "search"-option is the only option a user has to find information here. That is far from ideal if you want to read up on say "securing your server".
Click to expand...

I agree. A section dedicated to security issues (bugs/fixes) particularly in relation to DA would be extremely useful here.

Originally posted by rndinit0
If your worried about secure info, dont post it.
Click to expand...

Good reminder. Common sense really. Reporting security holes directly the developers would make them aware of what needs immediate attention. Most of us would already do this anyway.

Originally posted by rndinit0
If no one knows about a security hole, no one will fix it. This puts more pressure on developers to write secure code to their best abilities.

I still see no benefit in hiding anything. But this is a hot issue that is always debated, to reveal bugs or not to. Which are better?
Click to expand...

Revealing security holes may actually be in our best interest as we'll be aware of where we are vulnerable so that we may respond more effectively in securing those areas.

Revealing a bug is one thing, fixing it is ultimately more important.

So, is it more of a "Secure Section" or an open section primarily focused on improving overall security, which will produce the most benefit to us all?

The real end result we're looking for is improved security for all.

The real question is: What's the best way?
 
The real question is: What's the best way?
Click to expand...

I don't think there's a "one-solution-fits-all" answer to that question.

But there is one thing I have been wishing for for some time:

a security mailing-list

Each time a new exploit or security hole is discovered an email would be send to all subscribers to the list. That mail could describe the nature of the problem and could also contain a link to a thread on this forum that discusses the problem.
Biggest advantage of a mailing list is that it will let me know about the issue even if i'm not looking for it. On the forum, if a new issue is discovered I have to stumble upon it to know about it. I'm convinced I've already missed several discussions that I would have liked to read if only I had known they were there. A mailing list would solve that (and it is also a convenient way to get the word out quickly).

And also, if everybody knows about it there's less need to keep it a secret. After all, the reason for wanting to keep an issue a secret is because of the fear that the hacker may know about it but the admin doesn't. Of course only issues for wich a solution exist should be published. Issues without a solution should be kept a secret until the solution is found.

And to make sure that as many DA admins as possible subscribe to the list, the mechanism for subscribing could be integrated into the Admin section of the DA user-interface. That way an Admin will find out the list exists even if he doesn't know about it. It would also make the requirement for verification that only DA license owners subscribe obsolete.

An archive of previous emails would also be nice.
 
Last edited:
If a forum for only security reports is setup, you can subscribe to that forum and receive reports of new threads and replies.
It would be considerably easier than setting up an independent mailing list.
 
I'm sorry, I added some text to my previous message after you replied. I added a few more reasons for the mailing list.

But do you think a mailing list would really be a lot of work to implement.
 
You must log in or register to reply here.
Back
Top