View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 5638 | Composr | core | public | 2024-03-11 21:21 | 2024-06-07 03:45 |
| Reporter | PDStig | Assigned To | PDStig | ||
| Priority | high | Severity | feature | ||
| Status | assigned | Resolution | open | ||
| Summary | 5638: Use web API / libsodium for sending error reports in v11 and to replace openSSL | ||||
| Description | Instead of sending emails, we should resort to using a web API / libsodium for sending error emails to the core developers of Composr starting in v11. Probably handle reports in a composr_homesite module of some sort with the option to export a particular error to a tracker issue (make sure it doesn't send sensitive info to the tracker!). May need facilities for auto cleaning up reports and for ignoring duplicate reports (or better yet, have a counter counting how many times a particular error got reported and when it was last reported by that site). Might be good to also have facilities for categorising the errors for quick observation of overall software stability. This will also necessitate the requirement that libsodium is available on the server (and we should add a health check for it). This was natively integrated into PHP as of 7.2. Don't use http abstraction because Composr could be in a dire state. Instead, use a raw fsockopen with a payload that has been encrypted with libsodium. Bake our public key into v11 from a function such as get_brand_public_key. Make sure to keep this updated / have tests for it. | ||||
| Additional Information | E-mails worked great. But as time goes on, it becomes more costly to utilize e-mail systems with growing needs for antispam and authentication. Many servers might not even use e-mail anymore. It has become necessary now to resort to using web APIs for sending errors to the core developers. But considerations must be made to ensure it can go through despite PHP's lack of native stable HTTP support and Composr possibly being in a dire state. fsockopen looks to be our best bet, but it is a terrible idea to send errors raw. OpenSSL is also not that stable. libsodium seems like the most reasonable solution for encrypting error messages as they get sent. | ||||
| Tags | Roadmap: Over the horizon, Roadmap: v11 partial implementation | ||||
| Attach Tags | |||||
| Time estimation (hours) | |||||
| Sponsorship open | |||||
|
|
Automated message: This issue was created using the Report Issue Wizard on the Composr homesite. |
|
|
Will need to also edit documentation such as tut_webhosting mentioning OpenSSL |
|
|
Partially implemented. I'm not sure if we want to go the full way for 11.0 and remove OpenSSL / replace with libsodium completely. I think that's a project for 11.1. |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2024-03-11 21:21 | PDStig | Tag Attached: Roadmap: v11 | |
| 2024-03-11 21:21 | PDStig | Assigned To | => user4172 |
| 2024-03-11 21:21 | PDStig | Status | Not Assigned => Assigned |
| 2024-03-12 01:09 | PDStig | Note Added: 0008388 | |
| 2024-03-30 14:43 | PDStig | Note Added: 0008495 | |
| 2024-03-30 14:43 | PDStig | Tag Detached: Roadmap: v11 | |
| 2024-03-30 14:43 | PDStig | Tag Attached: Roadmap: v11 partial implementation | |
| 2024-03-30 14:43 | PDStig | Tag Attached: Roadmap: Over the horizon | |
| 2024-06-07 03:45 | PDStig | Summary | Use web API / libsodium for sending error reports in v11 => Use web API / libsodium for sending error reports in v11 and to replace openSSL |
| 2024-06-07 03:45 | PDStig | Description Updated | |
| 2024-06-07 03:45 | PDStig | Additional Information Updated |
