Subforum security

[kixe]

Since I am logging 404 requests I recognize very often requests searching for potential security gaps (mostly targeting at other CMSs like wordpress). I am not a specialist in this complex theme. Beside the security docs: https://processwire.com/docs/security/ I would like to have a subforum 'security' where tried or real attacks, potential lack of security, prevention etc. could be discussed.
 

[GuruMeditation]

I agree, especially for front-end development, i.e securely uploading files from a front-end form, using WYSIWYG editors as securely as possible etc.

​

​A list of links to tools and resources could also be handy, i.e https://www.acunetix.com/

[Tom.]

While ProcessWire is one of the most secure CMS's I know of. Attackers are smart and mostly, smarter than me. 

[teppo]

Sounds like a sensible idea, a new forum section for security-related discussion definitely gets my vote. At the very least this should make it more obvious that security is, in fact, an important factor for ProcessWire. The product and the community.

[Pete]

Done. I've been woken up early by my darling daughter (5am...) so doing this on my phone means I can't set where it appears in the forum list so it's below the Jobs forum for now.

I would suggest a couple of starter topics - one signposting to the existing docs and another if someone wants to kick off with an example of form validation/sanitation that we might all use on a daily basis (a simple contact form perhaps).