What features would you like to see in future versions of Joomla?

Better Security for custom extensions with a "Quality" attribute

Many extensions are created by duplicating an existing one. As one result they will never get updated with its original. I'm not shure about the best way, but i want more security ;-). The only independant way, i'm aware of is to check the code automatically and handle a "quality" attribute. Maybe there is a chance by adding unit tests to any extension

7 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    I agree to the terms of service
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    GorgonzGorgonz shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    3 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      I agree to the terms of service
      Signed in as (Sign out)
      Submitting...
      • Rouven WeßlingAdminRouven Weßling (Admin, Joomla!) commented  ·   ·  Flag as inappropriate

        Simon, this has been discussed (quite recently actually) on the mailing lists. The idea has its merits but is hard to do in practice. The current volunteer(!) staff of the JED is already quite busy. Adding a more trough review of extensions would increase the time requirements quite a bit.

        Also many of the reviewers aren't developers. To do a more in depth review we need people who develop themselves to look at extensions. We don't really have a surplus of developers in the project.

      • SimonSimon commented  ·   ·  Flag as inappropriate

        I agree - The poor security and quality of Joomla extensions is a major issue that should be urgently addressed and made a high priority - this is really holding Joomla back.

        All extensions should be carefully checked to ensure they are secure before they can appear on http://extensions.joomla.org/ and any updates also reviewed.

        Another major issue is the poor quality of construction and code in extensions. I feel that coding guidelines should urgently be created that extension writers must follow.

        Extensions should then be graded according to how well they meet the criteria in the coding guidelines. For example there could be a 5 star extension quality grading system. With the work required to obtain each of the 5 stars clearly detailed in the coding guidelines.

        This will improve the quality of extensions and also avoid the costly and time consuming mistake of purchasing poorly written extensions that may not be possible to easily customize / extend. The ideal would be for extensions to be written with hooks to allow easy insertion of additional code without having to hack the code and get wiped out when the extension is updated etc.

      • GorgonzGorgonz commented  ·   ·  Flag as inappropriate

        Update: This could solve also another big enhancement wish, that i'd like to exist: That there is an criteria, how secure an extension is

      Feedback and Knowledge Base