Why is BNETDocs in read-only mode?

Hey all, I figured it might be time to remind everyone why BNETDocs is in read-only mode, and how to continue serving the community you love.

Earlier in 2014 when I inherited BNETDocs from Kyro, it was given to me with a warning that someone had used SQL injection exploits to delete data. There were holes in the code which allowed malicious parties to inject harmful queries to BNETDocs. Kyro turned off logins to the site after realizing what had happened. This was the state I was given it in.

After inheriting BNETDocs, I analyzed the access logs and mapped them to the code. I realized there were many holes in the code that couldn't easily be fixed in the small time I have to this project. I put the entire site into read-only mode (the SQL user itself can't insert, alter, or delete). This was to safeguard the data from being deleted or tampered with until the holes could be fixed. Move on a couple years later to the present year: 2016, and these holes are still present. I've patched the ones that alert over on New Relic, but I can still see access logs that indicate users trying to break in to specific parts of BNETDocs.

BNETDocs Redux has a lot of unmanageable code that needs to be brought up to date with current technology. It is architecturally a bad design under the hood as well, so bringing it to the future is no trivial task. It is this reason that as the owner of BNETDocs, I decided an entire rewrite of BNETDocs was in order. This is where BNETDocs Phoenix comes in. However, like I mentioned above, I have little time to dedicate to BNETDocs. I've been tremendously busy as of late, and haven't put in the work I'd like to for BNETDocs Phoenix.

Now here comes the fun part. All of Redux and Phoenix are on GitHub, open-sourced so everyone can contribute. Not only that, but any email sent to the BNETDocs domain will arrive to my inbox, so if there's any questions or concerns, I'd love to hear them. If you have something to contribute to the BNETDocs documentation, shoot me an email or message me on IRC, or any other means you have to contact me, and I'll personally update the database that BNETDocs reads from myself. Hell, even creating an issue on the BNETDocs/bnetdocs-web repository will work.

With all of the above out of the way, I have no plans to ever take Redux out of read-only mode, sorry to anyone who had their hopes up. I want all effort to be dedicated to the new BNETDocs Phoenix site. I consider the Redux flavor to be archived code and only reasonable patches to it will be considered.


no one has commented yet.