As a website owner, I would like to have a security.txt file included in my website. #58

Open
4 tasks
Bowens20832 opened this issue Jun 2, 2023 · 4 comments
Labels
good first issue Good for newcomers help wanted Open for all. You do not need permission to work on these. type: enhancement New feature or request.

Comments

@Bowens20832
Contributor

Bowens20832 commented Jun 2, 2023

As a website owner, I would like to have a security.txt file in the root of my application. This file is similar to the robots.txt file, and will serve as a landing point for security researchers and any other people who may stumble into a security issue.

The security.txt file will hold basic info about how someone may report a security issue.

This topic has come up a lot online recently, and is now a requirement of all Dutch government websites. Though the Dutch government may be a small market for Elegant currently, we have ambitions of being able to support any user who wishes to use Elegant, even if it is a government entity.

https://netherlands.postsen.com/trends/198695/Securitytxt-now-mandatory-for-Dutch-government-websites.html

This topic was further encouraged for Elegant by users on Hacker News: https://news.ycombinator.com/item?id=36149004#36152473

  • Create a ".well-known" directory under source/elegant/public/.well-known
  • Create security.txt file
  • Include link to Elegant's pgp key for secure communication.
  • Include base app contact info, and/or the contact info of Elegant.
@Bowens20832 Bowens20832 added type: enhancement New feature or request. good first issue Good for newcomers help wanted Open for all. You do not need permission to work on these. version: 2.3 labels Jun 2, 2023
@Bowens20832
Contributor Author

Real security.txt file here: https://www.ncsc.nl/.well-known/security.txt

@Bowens20832
Contributor Author

gpg --clearsign --default-key security@elegantframework.com security.txt

Contact: mailto:security@elegantframework.com
Expires: 2027-10-24T14:00:00.000Z
Encryption: https://www.elegantframework.com/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://www.elegantframework.com/security.txt

@Bowens20832
Contributor Author

gpg --clearsign --default-key security@elegantframework.com security.txt

Contact: mailto:security@elegantframework.com
Expires: 2027-10-24T14:00:00.000Z
Encryption: https://www.elegantframework.com/.well-known/pgp-key.txt
Preferred-Languages: en
Canonical: https://www.elegantframework.com/security.txt

Thanks @SkyBulk
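
The fields posted in the comments above can be checked against RFC 9116 before the file is published. The following is an added example, not code from the Elegant project; the function names, the finding labels, the `.well-known` fetch URL and the fixed "now" date are assumptions made for illustration.

```javascript
// Added example (not Elegant's code): RFC 9116 checks for a security.txt body.
const YEAR_MS = 365 * 24 * 60 * 60 * 1000;
// Constructed sample: the fields posted in this issue.
const SAMPLE = [
  'Contact: mailto:security@elegantframework.com',
  'Expires: 2027-10-24T14:00:00.000Z',
  'Encryption: https://www.elegantframework.com/.well-known/pgp-key.txt',
  'Preferred-Languages: en',
  'Canonical: https://www.elegantframework.com/security.txt',
].join('\n');

// Return the signed body if the text is wrapped by `gpg --clearsign`, else all lines.
function stripClearsign(text) {
  const lines = text.split(/\r?\n/);
  const start = lines.indexOf('-----BEGIN PGP SIGNED MESSAGE-----');
  if (start === -1) return lines;
  const end = lines.indexOf('-----BEGIN PGP SIGNATURE-----');
  const bodyStart = lines.indexOf('', start) + 1; // blank line ends the armor headers
  return lines.slice(bodyStart, end === -1 ? undefined : end)
    .map((l) => l.replace(/^- /, '')); // undo dash-escaping
}

// Hypothetical helper: returns a list of finding labels (empty list = no findings).
function checkSecurityTxt(text, fetchedFrom, now) {
  const fields = Object.create(null);
  for (const line of stripClearsign(text)) {
    const m = /^([A-Za-z-]+):\s*(.+)$/.exec(line); // comments and blanks do not match
    if (!m) continue;
    const name = m[1].toLowerCase();
    (fields[name] = fields[name] || []).push(m[2].trim());
  }
  const get = (n) => fields[n] || [];
  const findings = [];
  if (get('contact').length === 0) findings.push('missing-contact'); // required, 1+
  if (get('expires').length !== 1) findings.push('expires-count'); // required, exactly 1
  else {
    const left = Date.parse(get('expires')[0]) - now.getTime();
    if (!(left > 0)) findings.push('expired-or-unparseable'); // NaN lands here too
    else if (left > YEAR_MS) findings.push('expires-over-one-year'); // RFC recommends < 1 year
  }
  if (get('preferred-languages').length > 1) findings.push('preferred-languages-count');
  // If Canonical is present, the URI the file was fetched from should be listed.
  const canon = get('canonical');
  if (canon.length > 0 && !canon.includes(fetchedFrom)) findings.push('canonical-mismatch');
  for (const n of ['contact', 'encryption', 'canonical', 'policy'])
    for (const v of get(n)) if (/^http:/i.test(v)) findings.push('not-https:' + n);
  return findings;
}
console.log(checkSecurityTxt(SAMPLE, 'https://www.elegantframework.com/.well-known/security.txt', new Date('2023-10-24T00:00:00Z')));
```

A check like this fits a CI step, so that an approaching `Expires` date or a `Canonical` value that does not match the served path is caught before researchers see it.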

@SkyBulk

SkyBulk commented Oct 24, 2023

You're very welcome! It was my pleasure to contribute to the security initiatives at Elegant Framework. I'm glad I could assist and look forward to our continued collaboration.

Bowens20832 added a commit that referenced this issue Jul 20, 2024
Projects
Status: In Progress