Suggestion: WHMCS approved mods database

[herpherp]

I have a simple answer to all the "tin hats";

*dons flame suit*

 

I have better things to do with my time (and company reputation) than try and steal your data. My mods are as they are, and my experence and 300odd no 400 post count should count for something. I Encrypt them to protect myself, Just like people get patents.

 

Every one craps on about how whmcs is developed to slow and how you never get what you want when you want it. Do you thinkg that giving matt et al extra work will speed this up some more?

 

You have a choice;

buy it, get the benefit and be greatful.

Don't and stop craping on that we're all out to get ya!

 

tbh this is all getting a bit petty lately.....

 

</rant>

 

So what happens when Xx-XXX||||XXX-xX decides hey lookie here we got a bunch of suckers using addons here that are encrypted if I make a bunch of posts they will trust me.

 

No one says you are ALL out to get anyone, what most are concerned about is the 1 in the bunch that will have either ill intentions or simply vulnerable coding... Even the biggest scripts on the markets have histories of vulnerabilities and to deny that is just insane!

[merlinpa1969]

dude your point is taken,

 

your smarter than the rest of us,

we will all bow before you

 

 

will you please drop it now,

[herpherp]

dude your point is taken,

your smarter than the rest of us,

we will all bow before you

 

Thank you.

 

Although I am not trying to prove to be smarter than anyone, simply replying to a topic regarding encoding and giving my point of view, if you don't agree with it that's ultimately your decision to make and hearing(reading) your point of view is also something I find interest in, so sarcasm aside I appreciate your input.

 

There really is no need to get defensive, and I do not think that everyone is ready to bow before me.(I will try to get them there though)

[Zorro67]

Ok, so Matt's now in the process of picking himself up off the floor after rolling around laughing with the strong view points expressed.

 

No lets move on to recommndations before bringing this meeting to a close.

 

Can I suggest that the is an opportunity for Matt to consider an accreditration process or system for mods?

 

Common sense tells me that an 'approved' (insert your word here) will have more credibility, and potential gretaer sales as a result, whether there is a cost attached to that process or not.

 

Can I also suggest that for any wirthwhile mod, Matt might conder negotiating with a mod developer to purchase a mod and integrate it into the main package.

 

I also not that no-omne made further comment as to how Joomla does it? (see my post above) Does that mean they think it couldn't be done better?

 

Further (constructive) comments?

[Matt]

I think the idea of a proper system for listing user contributions/addons is a good one now that the developer community is growing. Something that is categorised and easily searchable which clearly shows the latest version, what versions of WHMCS it's compatable with and the changelog history. Certainly it would be a lot clearer than a 10 page topic where every page has users posting problems and fixes that most don't need to worry about.

 

I'm not so sure about the certification of mods as that may have legal implications but certainly something we can look at.

 

Matt

[eugenevdm]

I agree this is a brilliant idea. Scraping through the forums to find a good mod is a mission. Perhaps something with user rating and amount of times downloaded.

[BlogsAbout]

I would certainly pay more for a certified mod.

As pointed out especially when new to the forum i find it hard to trust mod developers who have not been around for awhile with a consistent track record e.g. Sparky. For new mod developers I would think the stamp of approval would be very worthwhile.

 

I am by no means a coder and even a decrypted php file wouldn't be of much help to me for the most part BUT i do know that you can have encrypted php files that are ticking timebombs e.g. dont do anything for x period of time before executing x,y,z. Unfortunately even a test area would not show this as most will not test out scripts for months on end.

 

If you consider the cost of a compromised server even upping the cost of a mod by 10$-20$ (pick a number) is worthwhile to at least know that the mod is trustworthy. Yeah you run into issues when mod fixes happen and it would need to be re-certed but the client has paid for lifetime updates etc.

[merlinpa1969]

Im still curious, the devs need to speak up here...

Who would certify these mods? how would they be guaranteed that they didnt verify a clean version then present a dirty version to the masses.... would that then go unchecked cause someone certified them?

 

and last but not least....

WHO is going to take responsibility. IF the devs here certify a mod what kind of legal hole are they getting into?

 

 

just food for thought

[Shaun]

and last but not least....

WHO is going to take responsibility. IF the devs here certify a mod what kind of legal hole are they getting into?/QUOTE]

 

I would hope that some ppl see me as a "respected dev", i personally would not even think about certifying someone elses mod. For the time it would take me to go over the mod with a fine tooth comb would cost to much, then IF it failed i would be up legally and ppl would be trying to sue me.

 

The only person that can truely say something is right is Matt, and Matt is already busy enough making the core of whmcs better. This game is all about trust and its something that has to be earnt.

 

There are 2 real topics in this thread;

The mod directory im all for this, as the threads are cluttered atm.

As for the whole encryption tin hat debate... im sure my view is obvious.

[openmind]

As I started this argument/discussion I suppose I should contribute

 

As I said before, I'm not against encryption I just don't want to install a mod that I cannot personally approve hence why having a developer check it over would be the best solution. This doesn't make me paranoid in the slightest, it simply means I am protecting a six figure per year turnover business and also the data of my clients.

 

If that means I should be wrapping my head in tin foil then I'll pop down to Tescos now

 

The directory would be a great addition I feel, an approved by stamp would be the cherry on the top. Yes it would add an overhead to whmcs staff, yes there could be legal implications but this could be negated easily if the update to the mod was controlled.

 

I didn't suggest this idea to provoke developers, hell I'm a developer myself who sells an eCommerce platform with an encrypted backend so I know exactly how you feel, but it is more a discussion of an idea...

[herpherp]

WHO is going to take responsibility. IF the devs here certify a mod what kind of legal hole are they getting into?

 

Even if whmcs does not certify them, they could still be held legally responsible as they are provided on a whmcs site. (unless of course they place a disclaimer within the forums etc...)

IF a disclaimer is in place even when approved would ensure that there are no legal implications...

 

I would suggest that as a community we come up with some sort of solution.

 

Maybe we can implant cyanide capsules in the addon developers and have some sort of automated script to release it if their code ever does anything malicious.

 

My real concern is not the developers of the addons personally, it is the fact that there are always issues with security.

 

If I find out that there are new ways for unwanteds to gain access to my server, I can't just go look at the code and say uh huh! I better fix that etc... I have to(if I want to use the scripts) completely trust that the developers are updating those codes as well.

 

I don't think that whmcs staff will be able to provide the resources or the time to manage all the addons.

 

I do however think that maybe 5-10 trusted developers(since they are the ones profiting from whmcs work as well) could possibly get together and come up with some basic checks of raw code and approve submissions... There could possibly be a team of volunteers that review the unencoded scripts, and then possibly encode and upload... They could even have a cool name like "The Code-A-Roos"(sorry couldn't think of a cool name).

[sparky]

If a new dev submitted a script to me to screen for any malicious code, after it was screened that dev would only get that file back encoded with a message in the encoded header like "Screened by Sparky" then a disclaimer following it, only if I was 100% confident of no nasties.

 

As Shaun said checking someone elses code like that takes time and when most devs charge around the $80 p/hr, that could get expensive depending on the script. For example my Template Editor script has 2239 lines of code in the file and jumps all over the place within the script between different functions that are called. It could get very confusing trying to follow some scripts depending on how they were written.

 

There is also a big difference in screening for malicious code and de-bugging code for errors. Just because someone may have passed the malicious code part doesn't mean that the script will be bug free as well. Say if I had checked a file and verified it clean and put my name to it and the script was very buggy. Automatically then I would get branded for being involved with the script and would damage my reputation as well as the script owner.

 

Overall I don't think I would like to be involved with that because of the possible implications that could arise.

 

As for the directory tree thing, yes its a good idea and you will all probably get a nice surprise soon. (Nothing else can be said about that yet, so please don't ask)

[Urano]

I think that could have a directory, and then each user who want to install and use the addon / mod, will can write comments and recomenddations.

 

Each addon/mod will grow in a natural or organic way.

 

Each contributor must be register in order to public his/her addon/mod.

Each contributor can register any number of components.

Each component can be free/paid

Each component can be with source or encrypted.

 

The directory will have a link for the owner's website.

 

What do you think about?

[Matt]

I think the idea of a proper system for listing user contributions/addons is a good one now that the developer community is growing. Something that is categorised and easily searchable which clearly shows the latest version, what versions of WHMCS it's compatable with and the changelog history. Certainly it would be a lot clearer than a 10 page topic where every page has users posting problems and fixes that most don't need to worry about.

 

I'm not so sure about the certification of mods as that may have legal implications but certainly something we can look at.

 

Matt

A directory for addons has now been setup. See http://forum.whmcs.com/showthread.php?t=20830 for more info.

 

Matt

[BAJI26]

Great Scotts! EXCELLENT!

[BAJI26]

Matt can you add a link on the Portal Home for this http://www.whmcs.com/members/index.php

[Urano]

I think the idea of a proper system for listing user contributions/addons is a good one now that the developer community is growing. Something that is categorised and easily searchable which clearly shows the latest version, what versions of WHMCS it's compatable with and the changelog history. Certainly it would be a lot clearer than a 10 page topic where every page has users posting problems and fixes that most don't need to worry about.

 

I'm not so sure about the certification of mods as that may have legal implications but certainly something we can look at.

 

Matt

 

Great!

I think it will be for good.

Edited June 5, 2009 by Urano

[wsa]

Encrypt them to protect myself, Just like people get patents.

 

I agree 100% I personal never encrypt the script until now because I see someone sell my script with out encrypt in month or 2 I see they sell like they did the work. The internet is not the same like before now more peoples out they steal script/software or buy the script then do a refund money to kept free.