
Re: Forum Software


 



----- Original Message -----
From: "Harry Jackson" <harryjackson@xxxxxxxxx>
To: <pgsql-general@xxxxxxxxxxxxxx>
Sent: Saturday, December 31, 2005 12:39 AM
Subject: Re: [GENERAL] Forum Software


On 12/30/05, Scott Marlowe <smarlowe@xxxxxxxxxxxxxxxxx> wrote:

Also, as a big proponent of PHP, I have to admit that it's quite easy to
write insecure software with it.

It's quite easy to write insecure software, period. Choice of language
with regard to security is an almost pointless discussion. See point
[0]. It's the ability of the surgeon in the majority of cases that
makes for a successful operation, not his choice of scalpel [1].

I've had nothing but good luck with PHPBB.

And I am truly happy for you. I would have loved phpBB to have been my
silver bullet. I may yet need to use it again because I can find
nothing else that will do the job. For all its faults, it's most
certainly filling a gap in the market.

So far I've been quite happy with phpbb as well. There are some PHP security issues that of course every PHP-using administrator can modify if they so choose, like register_globals etc. Then of course the phpbb installation instructions claiming you have to chmod 777 the whole phpbb directory tree aren't true, and actually judicious use of other access permissions is even more recommended - I use 770 as my base permissions and then tighten the permissions for certain files and directories further.

The security patches seem to come at fairly good intervals, and are pretty easy to apply, unless you're running a heavily customized board. Of course keeping the whole site secure means following the Apache, PHP, Postgres and OS updates, which can be painless or painful depending on the OS of your choice. Phpbb as such can't be held responsible IMO in cases where a cracker uses a security hole located in any underlying component.

Just out of curiosity, was only the bulletin board cracked or was your whole system compromised?

-Reko
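
The permission and register_globals points in the message above can be checked mechanically. The following is an added example, not part of the original message or of phpBB; the function names and any paths passed to them are hypothetical, and it assumes a POSIX shell with find, grep and chmod.

```shell
#!/bin/sh
# Added example (not from the thread): audit a web board's tree for access
# granted to "other" users, and a php.ini for register_globals.
# All function names are hypothetical; pass your own paths.

# Print entries under $1 that grant any r/w/x bit to "other".
list_other_accessible() {
    find "$1" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Print only world-writable entries, which is what "chmod -R 777" leaves behind.
list_world_writable() {
    find "$1" ! -type l -perm -002 -print
}

count_other_accessible() { list_other_accessible "$1" | wc -l | tr -d ' '; }
count_world_writable()   { list_world_writable "$1" | wc -l | tr -d ' '; }

# Drop every "other" bit: 777 becomes 770, 644 becomes 640. Owner and group
# bits are untouched, so tighten individual files further afterwards.
strip_other_access() {
    chmod -R o-rwx "$1"
}

# Succeed (exit 0) if the ini file at $1 enables register_globals.
# Comment lines start with ';' and are ignored by the anchored pattern.
register_globals_enabled() {
    grep -Eiq '^[[:space:]]*register_globals[[:space:]]*=[[:space:]]*"?(on|1|true|yes)"?[[:space:]]*(;.*)?$' "$1"
}

# Stand-alone use: sh audit.sh /path/to/board [/path/to/php.ini]
if [ "$#" -ge 1 ]; then
    echo "world-writable: $(count_world_writable "$1")"
    echo "any access for other: $(count_other_accessible "$1")"
    list_world_writable "$1"
    if [ "$#" -ge 2 ] && register_globals_enabled "$2"; then
        echo "register_globals is enabled in $2"
    fi
fi
```

Run the listing functions before strip_other_access, since the web server user must still reach the tree through the owner or group bits once "other" access is gone.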

