The source for the core file integrity sums (e.g. https://getpanopticon.com/checksums/joomla) is hard-coded in the connectors. That's great... but centralizes control. The whole point of Panopticon is that you can decentralize control.
It would make sense if Panopticon itself could be configured with a base URL to replace https://getpanopticon.com/checksums. This URL could be sent to the connector when asking for a scan. In this case, it would use that URL to fetch the updated core sums.
While it sounds like a potential security issue (what if an attacker replaces the core sums with something malicious), it's really not. For starters, the request has to be authenticated with a key that allows full access to the site; if that's compromised, your site is thoroughly pwned and you have bigger problems than lying core sums. This is outside the threat model Panopticon –and every other site monitoring service I have seen– is currently designed to handle.
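A sketch of how a connector could honour a base URL sent with the scan request, added here as an illustration and not taken from Panopticon or its connectors. The function names, the HTTPS-only rule and the fallback to the default are assumptions; only the default URL comes from the text above.

```php
<?php
// Added illustration; not Panopticon connector code. All names are hypothetical.

const DEFAULT_CHECKSUM_BASE = 'https://getpanopticon.com/checksums';

/**
 * Pick the base URL for core checksums: the one sent with the (already
 * authenticated) scan request if it is a well-formed HTTPS URL, else the default.
 */
function resolveChecksumBase(?string $requested): string
{
    if ($requested === null || trim($requested) === '') {
        return DEFAULT_CHECKSUM_BASE;
    }

    $parts = parse_url(trim($requested));

    // Accept only plain https://host[:port][/path]; anything else falls back.
    if ($parts === false
        || strtolower($parts['scheme'] ?? '') !== 'https'
        || empty($parts['host'])
        || isset($parts['user']) || isset($parts['pass'])
        || isset($parts['query']) || isset($parts['fragment'])) {
        return DEFAULT_CHECKSUM_BASE;
    }

    $port = isset($parts['port']) ? ':' . $parts['port'] : '';
    $path = rtrim($parts['path'] ?? '', '/');

    return 'https://' . strtolower($parts['host']) . $port . $path;
}

function checksumUrl(?string $requestedBase, string $cms): string
{
    // The CMS identifier becomes a path segment, so restrict it to a safe alphabet.
    if (!preg_match('/^[a-z0-9_-]+$/', $cms)) {
        throw new InvalidArgumentException('Invalid CMS identifier');
    }

    return resolveChecksumBase($requestedBase) . '/' . $cms;
}

// Constructed sample inputs: no override, a custom mirror, and two rejected values.
$samples = [null, 'https://sums.example.org/mirror/', 'http://sums.example.org', 'https://u:p@sums.example.org'];

foreach ($samples as $base) {
    printf("%-40s => %s\n", var_export($base, true), checksumUrl($base, 'joomla'));
}
```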