matomo-org / plugin-SecurityInfo

Provides security information about your PHP environment and offers suggestions based on PhpSecInfo from the PHP Security Consortium.
http://plugins.matomo.org/SecurityInfo

Replace PhpSecInfo with something more modern #27

Open Findus23 opened 6 years ago

Findus23 commented 6 years ago

As this is the most downloaded Matomo plugin and the description recommends using it

We highly recommend that all Matomo administrators enable the SecurityInfo plugin, and then view the Settings. The plugin is a tool in a multilayered security approach.

we should make sure that the recommendations it gives are up to date. Unfortunately, the development of PhpSecInfo seems to have stopped in 2007 or 2009, and while there have been some fixes to make it work with newer PHP versions, I am not sure if the recommendations are still correct and (more importantly) whether some important recommendations are missing.

But I couldn't find many alternatives. https://github.com/sektioneins/pcc seems to be newer, but it doesn't seem to have a way to get the results apart from echo.

If someone knows a better alternative, please comment here.

ZerooCool commented 5 years ago

I found 4 versions of PhpSecInfo: https://github.com/ZerooCool/phpsecinfo

Findus23 commented 2 years ago

Just FYI: My plugin https://plugins.matomo.org/DiagnosticsExtended should contain all important checks from this plugin in a rewritten version.