This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Project Information:template Enigform and mod OpenPGP - Final Review - Self Evaluation - B
Clik here to return to the previous page.
FINAL REVIEW | ||
---|---|---|
PART I | ||
Project Deliveries & Objectives |
OWASP OpenPGP Extensions for HTTP - Enigform and mod_openpgp Project's Deliveries & Objectives | |
QUESTIONS | ANSWERS | |
1. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please exemplify writing down those of them that haven't been realised. |
I was able to implement a Wordpress plugin that enables Enigform-based login to Wordpress's admin/user area. The plugin is currently offered by wordpress.org. This plugin was also implemented in my own wordpress blog, becoming the Demo Site. As a demonstration of keyring-sharing and mod_openpgp multi-virtualhost integration, the Testing Site maotest.buanzo.org shares this same keyring. I've written the Definitive Enigform Guide and published it at wiki.buanzo.org. It contains detailed instructions for implementing the wordpress plugin, INCLUDING Enigform client and server setup, troubleshooting, and links to other useful resources. An unplanned feature was added: Server Signature Verification in Secure Login. Enigform Plugin 0.8.2.8 is now available in addons.mozilla.org. Mod_openpgp 0.5.0 was announced in freshmeat.net. A Debian package for mod_openpgp is in the works, but I consider the Guide to be the best procedure to follow. | |
2. At what extent have the project deliveries & objectives been accomplished? Having in consideration the assumed ones, please quantify in terms of percentage. |
100% | |
3. What kind of help is required either from the Reviewers or from the OWASP Community? |
Mark mentioned a Session Hijacking test suite should be used. I'd like to do that in the next 15 days if possible. | |
PART II | ||
Assessment Criteria |
||
QUESTIONS | ANSWERS | |
1. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Alpha Quality status? |
I don't use sourceforge nor googlecode. I use mozdev.org, wordpress.org and svn.buanzo.org. | |
2. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Beta Quality status? |
The easy-to-use installer might not be quite possible. I discussed this in owasp-leaders, but the CLIENT side is quite simple (create pgp keyring [lots of GUI tools for this], then install enigform as a common firefox addon). The wordpress plugin is compliant with wordpress.org's best practices. Mod_openpgp is difficult, but easier than, say, OpenSSL. | |
3. Having into consideration the OWASP Project Assessment Methodology which criteria, if any, haven’t been fulfilled in terms of Release Quality status? |
not applicable | |
4. What kind of help is required either from the Reviewers or from the OWASP Community? |
I'm pleased with the current help and support from the Reviewers and OWASP Community. THANKS. |