Replies: 3 comments
-
|
I am on the fence about this, the security analyzer is a bit of a sensitive area and I don't know if it's a good idea to allow 3rd-parties to display things in there that we are not aware of. Granted that any 3rd party module can do anything but I find this area especially sensitive as people will trust what it said in there. As for HTTPS and certificate expiry checks, I would recommend using some external service, it is hard from the inside to know this and it's something that should get tested from the outside. I use https://uptimerobot.com/ |
Beta Was this translation helpful? Give feedback.
-
|
I'll move this to a discussion for now, if there is some consensus about it, we can bring it back into an issue. |
Beta Was this translation helpful? Give feedback.
-
|
As much as I can see the reasoning behind this, part of the importance in the integrity of the Security Analyzer service is the ability for it to be secure. Allowing extension would allow other parties, even possibly malicious users, to inject items, so I'm not sure that it is the most proper location to support extension. |
Beta Was this translation helpful? Give feedback.
-
I would say it will be a great feature to make AUDIT CHECKS extensions so DNN developers can write custom security checks.
Question: why "HTTPS" & certificate expiry checks are not part of the default DNN checks.
Beta Was this translation helpful? Give feedback.
All reactions