Jump to content
vargasia

humans.txt file generator

Recommended Posts

Hi everyone,

 

I don't know if you already know the humans.txt initiative. It is getting more and more popular each day. So I made this module to automagically include a humans.txt file at the root of your store with the data of the employees and contacts.

 

I've tested it from Prestashop 1.0 to 1.5.4.1 and it works right. Your store directory must be writeable and that's all.

 

Enjoy and remember: "we are humans, not machines".

humanstxt.zip

Share this post


Link to post
Share on other sites

Which purpose should this module have ? Any improvement or refinement of the software ? Screens and short description of the function are welcome...

Share this post


Link to post
Share on other sites

I'm just wondering, how the "humans" project(?) works?

Share this post


Link to post
Share on other sites

Which purpose should this module have ? Any improvement or refinement of the software ? Screens and short description of the function are welcome...

 

This module create a file named "humans.txt" at the root folder with the store contacts and staff (employees) contact information by default. Once you've generated your humans.txt file, you can customize it.

 

This file offers some information about the people who designed, developed or run the website, Other times, it is used creatively. For instance, look at this: http://www.google.com/humans.txt

 

You can read more about this here: http://en.wikipedia.org/wiki/Humans.txt

 

You don't need any screenshots since this module is not sophisticated at all.

 

I'm just wondering, how the "humans" project(?) works?

 

Read all about it: http://humanstxt.org/

Share this post


Link to post
Share on other sites

By the way putting a txt.file on the net with all employee-data which easily can be used for spam and also the vulnerability risk of an open txt-file with writing permission, I think my question about the purpose and added value is more than justified.

 

Personally for me the module, although it could be a good idea, is a potential risk and nothing I need to have. For a Software this data could be useful and it is already integrated in Prestashop as .md-files. But for merchants I don't think it's an added value.

Share this post


Link to post
Share on other sites

By the way putting a txt.file on the net with all employee-data which easily can be used for spam and also the vulnerability risk of an open txt-file with writing permission, I think my question about the purpose and added value is more than justified.

 

That's why you can modify the generated file!

Share this post


Link to post
Share on other sites

Search the net for txt vulnerability or txt exploit. You are opening with this file your project for each hacker.

Share this post


Link to post
Share on other sites

Search the net for txt vulnerability or txt exploit. You are opening with this file your project for each hacker.

You forgot the most important part: server misconfiguration.

 

Have a nice day.

Share this post


Link to post
Share on other sites

No, this is not really the basic problem, but a module opening the doors for hackers. Prestashop is a 99,99% secure software. The shops hacked were all using extra modules opening the door for hackers. And txt is one of the most known vulnerability problems on the net.

 

Why this lines are uncommented ? If you don't want to use them also nor for to exploit, so I don't see any reason why they are included in the php.

 

//$config = Configuration::getMultiple(array('BANK_WIRE_DETAILS', 'BANK_WIRE_OWNER', 'BANK_WIRE_CURRENCIES', 'BANK_WIRE_ADDRESS'));
//$this->page = basename(__FILE__, '.php');

Share this post


Link to post
Share on other sites

Why this lines are uncommented ? If you don't want to use them also nor for to exploit, so I don't see any reason why they are included in the php.

 

//$config = Configuration::getMultiple(array('BANK_WIRE_DETAILS', 'BANK_WIRE_OWNER', 'BANK_WIRE_CURRENCIES', 'BANK_WIRE_ADDRESS'));
//$this->page = basename(__FILE__, '.php');

 

You can remove them if that makes you happier.

 

P.s. Have you ever read the code from bankwire module?

Share this post


Link to post
Share on other sites

@ vargia - Yes. I read it, because I did some adaptations on this module to comply for German Law.

You are referencing to your own link on several parts of the module code. Unfortunately your own homepage is only an index with logo and no content ? What should we think about this ?

 

And what I fear is this: https://howtohack.po...Vulnerabilities

several Wordpress, Drupal and Joomla projects where hacked by robots.txt file, so for me each txt is a potential security lack.

 

@ vekia - seems that the ideas is coming from ruby on rails project. See discussion on gitHub - https://github.com/r...rails/pull/2734 Unfortunately also there one critical voice fears an exploit problem.

The basic idea is to have developers signed for meta-data. Unfortunately the idea on this module is to disclose employee data for spam. :wacko:

Share this post


Link to post
Share on other sites

@ vargia - Yes. I read it, because I did some adaptations on this module to comply for German Law.

You are referencing to your own link on several parts of the module. Unfortunately your own homepage is only an index with logo and no content ? What should we think about this ?

 

The same I thought when I saw your facebook page. Thank you.

Share this post


Link to post
Share on other sites

The same I thought when I saw your facebook page. Thank you.

 

Please remain objective and answer to the questions. It's not my reputation in question here. And sorry if you expected from a newly opened FB site more content...

Share this post


Link to post
Share on other sites

Found another link: http://en.wikipedia....wiki/Humans.txt

Seems to be an old idea. If it is useful for merchants by list his employees and personal data, this is the main question. Besides the others mentioned above and not yet concrete and detailed answered.

 

Cannot see any added value, as you have the imprint for contact on your site and also the possibility of use of microformats for this.

Share this post


Link to post
Share on other sites

 

 


I've just removed those commented lines at the end of the file so the paranoid folks over here can be a little happier.

You can download last version at: <http://www.vargasia....anstxt-last.zip>

By the way, I like the support and welcome practices in this community. I, for sure, will contribute a lot in the future.

Best regards.


Why not attach the file(last version) to the forum? 

thanks,

Share this post


Link to post
Share on other sites

@ rubalcaba - thanks for your adivise. Post unapproved, as according to the forum rules downloads for free modules should be added directly to the topic.

 

If it is dangerous or not, that cannot be answered with no or yes. Time will show.

For me the module has no added value, because these informations are still available on contact form, imprint and also if you are using microformat modules, in the metas as well. An open list with names and contact details indexed and available over the whole net will make it easy to spam by saying: hi, here I'am, please spam me (or hack me if somebody is ingenious).

 

If I analyse my logs than I can see several malicious bots searching for each txt-file on the server for to try a hack. Last but not least, several WordPress, Drupal and Joomla projects where hacked through a common txt-file. If everybody has now humans.txt file on his server, so the chance is very high that can be used for hack or other malicious things if there is a lack on your server security.

 

Another problem which I see is the fact, that the project, like all, is coming from US which we all know have no data privacy laws. We in Europe need to follow the data privacy, so It's better to don't have any unnecessary data indexed on the net to avoid possible legal troubles.

 

If you think that you have an added value with this module, so install it.

 

@ vargasia -

By the way, I like the support and welcome practices in this community. I, for sure, will contribute a lot in the future.

You are always welcome to contribute with valuable content and please allow others to discuss about it without any resentments. That's the spirit of a forum. ^_^

 

Forum rules you can find here: http://www.prestasho...stions-for-use/

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More