the board this is hosted on.
Moderator: Supporters
the board this is hosted on.
I know im not known here, and so I guess my word doesn't have that much weight yet....but, I would like to point something out. PhpBB is a very, VERY, unsecure forum. I would suggest 1.3 of Invision Power Board....but this is just me. IPB is much eaiser to use and mod.
Just a suggestion
Just a suggestion
-
- Posts: 44
- Joined: Wed Mar 10, 2004 5:30 am
- Location: irc.majestic-liaisons.com
- Contact:
-
- Former UnrealIRCd head coder
- Posts: 811
- Joined: Sat Mar 06, 2004 8:47 pm
- Location: United States
- Contact:
Yeah I think I agree with that. After I read his post, I did some searching for Invision.
So far this year:
2004-03-20: Invision Power Board Search.PHP "st" SQL Injection Vulnerability
2004-03-10: Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
2004-03-09: Invision Power Board Pop Parameter Cross-Site Scripting Vulnerability
2004-03-05: Invision Power Board Error Message Path Disclosure Vulnerability
2004-03-01: Invision Power Board Index.php Showtopic Cross-Site Scripting Vulnerability
2004-01-04: Invision Power Board Calendar.PHP SQL Injection Vulnerability
Granted, Invision had 6, and phpBB had 10 so far this year, but the difference is, I have to pay $200 for Invision, I pay nothing for phpBB. If phpBB had 100 and Invision had 6, then I'd say it's worth it, but when phpBB has 10, and Invision has 6, that's not worth $200 in my mind...
So far this year:
2004-03-20: Invision Power Board Search.PHP "st" SQL Injection Vulnerability
2004-03-10: Invision Power Board Multiple Cross-Site Scripting Vulnerabilities
2004-03-09: Invision Power Board Pop Parameter Cross-Site Scripting Vulnerability
2004-03-05: Invision Power Board Error Message Path Disclosure Vulnerability
2004-03-01: Invision Power Board Index.php Showtopic Cross-Site Scripting Vulnerability
2004-01-04: Invision Power Board Calendar.PHP SQL Injection Vulnerability
Granted, Invision had 6, and phpBB had 10 so far this year, but the difference is, I have to pay $200 for Invision, I pay nothing for phpBB. If phpBB had 100 and Invision had 6, then I'd say it's worth it, but when phpBB has 10, and Invision has 6, that's not worth $200 in my mind...
-- codemastr
There really is no reasen to have https on a forums, Its not like your putting in alot of sensative information. At most you'll be putting your forum password which SHOULD be a uniqe password.
I also have to disagree with the first post. First of all, you didnt defend your reasen for saying that phpbb is very unsecure.
phpBB i believe is a very secure board system. It really doesn't have as many security alerts as other boards(like your beloved invision board) and when somthing is found, i always get the patch email only a day or so later.
My main choice of Bulletin Board system would be Vbulletin but i dont have another $160 to shell out to buy another licence. I have 2 that im running on this server allready, so i don't think i can afford another.
I also have to disagree with the first post. First of all, you didnt defend your reasen for saying that phpbb is very unsecure.
phpBB i believe is a very secure board system. It really doesn't have as many security alerts as other boards(like your beloved invision board) and when somthing is found, i always get the patch email only a day or so later.
My main choice of Bulletin Board system would be Vbulletin but i dont have another $160 to shell out to buy another licence. I have 2 that im running on this server allready, so i don't think i can afford another.
Well before we decided that this was going to be official I already said phpBB was quite insecure (yes I agree it is, I've seen like >80 bugtraq posts about this in the past 3 years and there are like 20 vulns if not more)...
But the thing is... if it's hacked... so what? There's not really anything secret stored here and if someone is able to modify information in here it's not a "big problem" either (again: put it in perspective)... If our main site, my personal site (vulnscan.org) or one of our mirrors got hacked it's like 20x worse.
Of course that doesn't mean I don't care, no.. don't get me wrong. If I see a new security vuln (like recently) I notify other people immediately, it's just that this is not "critical infrastructure" ;).
Besides, I like phpBB ;).
But the thing is... if it's hacked... so what? There's not really anything secret stored here and if someone is able to modify information in here it's not a "big problem" either (again: put it in perspective)... If our main site, my personal site (vulnscan.org) or one of our mirrors got hacked it's like 20x worse.
Of course that doesn't mean I don't care, no.. don't get me wrong. If I see a new security vuln (like recently) I notify other people immediately, it's just that this is not "critical infrastructure" ;).
Besides, I like phpBB ;).
In a joint project by hotscripts.com and devshed, phpbb was analyized along with about 20+ other boards for functionality and security. It placed 3rd in the ranks of functionality, and 2nd in ways of security. VBulletin came in first for both, invision came in 5th for security, and 2nd for functionality. So i tryed to base my choice of BB's off that, and i also didn't want to spend any money on a board license.
If you know of any more free BB's that you think are werth a try, bring it up with codemastr and im sure he'll talk to me about it.
If you know of any more free BB's that you think are werth a try, bring it up with codemastr and im sure he'll talk to me about it.