Wedge

Well done for misreading what I said. MANY sites use badges. NOT MANY sites use MULTIPLE badges or hybrid badges.

OK, since this has been asked, I'm going to explain this in a lot more detail.

The simple version: having any kind of ability where the admin uploads something for the forum itself, e.g. themes, plugins, smiley images, badges/rank images... this is a security risk. So too is media and attachments and avatars, but specific things can be done to mitigate those.

But anything that requires touching any of the core files is a serious security risk. Why? Because it requires opening up the core folders and files to higher permissions than they should have. This means making things writable by ANY USER on a shared host. Can we say 'hackable'? YES WE CAN!

The obvious answer is 'put permissions back again afterwards' but the thing is, people don't. They leave permissions set open for their own convenience later on, which is how come so many SMF installations get hacked at some time or another.[1]

Now, I have proposed a solution for this elsewhere but it's not a brilliant one. Specifically, it would require you (as the admin) to put in your FTP password periodically to upload things like plugins. Certain magic can be worked so that FTP (or SFTP) can be used to perform this kind of work, without making a security hole.

Before anyone asks, what are the chances of me giving you an admin upload facility that doesn't use FTP/SFTP and works solely by you changing permissions yourself? ZERO. There is ABSOLUTELY NO WAY IN HELL I will give you that ability. The idea is that you shouldn't be screwing around with it, and especially not screwing around with setting core files/folders to 777. And if you do, that's YOUR responsibility. My responsibility is in making a decision whether I give you a gun to shoot yourself with, or giving you an air rifle that probably won't kill you, you can guess where I'm going with this.

1.	Though I stress, it really isn't only SMF, it's just that's what I know for certain.

That's the thing, I don't know many sites that actually would implement it like that, especially seeing that the implementation would force us to make YOU have badges that are irregular, unusual and hard to make.

Remember: what we implement in the core is not what JUST YOU wants or needs, we have to implement things for everyone to use, and this is too complex for everyone to use as it stands.

Apple are actually pretty good about removing clones like that, from what I've seen, even in cases where it's not a huge top-flight developer.

-sigh-

How about actually reading some of the posts already here? Like the discussion already on having badges where I asked people, multiple times, how they expect to actually configure it?

http://wedge.org/pub/feats/7108/badges-and-the-displaying-thereof/ - it's even in this same board.

(1 file, 3KB)

Revision: 1478
Author: arantor
Date: 17 March 2012 13:22:54
Message:
! Rewrite the IPv6 matching code, it should now work properly on addresses (as it actually predates the IPv6 implementation, it didn't actually match netblocks properly against the internal IPv6 encoding used.) (Subs.php)
----
Modified : /trunk/Sources/Subs.php

That's actually a beautifully designed game. The way the game mechanics change depending on circumstance is actually ingenious.

Nao's the real hero here, he's the one who made it look so awesome :)