I really like this system.
I’d like to build a system to add some of my and my friends‘ important important information into the system. But I’m afraid that our info will be stolen or hacked.
How to protect this system? Or should I just change into another system?
We take security very seriously at Discourse. We welcome any peer review of our 100% open source code to ensure nobody’s Discourse forum is ever compromised or hacked.
You can read more about that at discourse/SECURITY.md at master · discourse/discourse · GitHub
The only way to fully secure any piece of software (online or offline) is to take it to the desert, drop it in a 20ft hole and dump cement over it. So, 100% continuous, permanent security is not possible (just look at Denuvo).
But, if the question is “Is open source software more secure than closed software” than the basic reasoning behind answering this question is that with open source software (that has a large user base with active feedback) that any security exploits get reported quickly, and therefore can get plugged (fixing said security issue) quickly.
There are somethings you can do yourself:
Any member can maliciously still copy/paste the information for the rest of the world to see.
A good thing to know about Discourse based on what I’ve read on this forum/meta is that any image, uploaded document (pdf, word, excel, etc.) can be accessed even when the forum is set to private if somebody from outside the forum knows the exact url for the file.
The main site settings you would want to flip on here
HTTPS, obviously!
secure email (don’t leak content over email)
login required (don’t show content to anons)
account approval required or invite only to taste (don’t allow anyone except people you know / approve) to join
Can you think of anything else here @erlend_sh?
