There are a lot of random people creating tasks; we should set up an actual demo site.
Description
Status | Assigned | Task
---|---|---
Wontfix | epriestley | T331 Set up a demo install of Phabricator
Spite | epriestley | T6329 Test
Event Timeline
It would also be nice to set up a "break Phabricator" install for penetration testing, since a few HackerOne researchers are doing live tests against this install. So far I don't think anyone else has been affected, but if we're setting up demo.phabricator.com we might as well set up hack.phabricator.com too and let researchers play around in a sandbox without having to do a local install.
Over time, we've reduced the need for this (much more public information, more auth mechanism support, more screenshots and such, better install process).
Users still create test stuff, but it hasn't really ramped up over time and is reasonable to just clean up manually (a handful of things a week).
The problematic HackerOne researchers basically can't read the simplest instructions, so I'm skeptical they'd use a dedicated hack install.
Setting up a dedicated demo is also somewhat involved (we have to wipe it routinely, but probably keep some data around, which we'd have to migrate over time) and will always be lower quality than this real live install (since real data is just better).
This is something we still might do eventually, but I don't anticipate needing it anytime soon.