Guest K1u Posted December 14, 2006 Share Posted December 14, 2006 This is interesting for us java ppl Quote Link to comment Share on other sites More sharing options...
Guest K1u Posted December 14, 2006 Share Posted December 14, 2006 This is interesting for us java ppl and Wait why smf it can be exploited easily through the browser... well the last time i did that was 3 months ago so its probbly fixed I've yet to see a security hole in SMF that wasn't fixed immediately and most of the holes found have been in the beta/RC stages of 1.0 and 1.1. You even get an announcement about updates as soon as you go to the admin centre and from there it's just a few clicks and the patch can be applied. I can't see how the most newbie of administrators could fail to update their forums in time. Perhaps you would like to take a look at the track record of other forum software? Do you not remember the masses of hijacked phpBB forums in recent years? I'm not saying phpBB has a reputation for bad security, I'm just saying your point is rather irrelevant when compared to other forum software SMF has been excellent security-wise. SMF upload XSS vulnerability Quote Link to comment Share on other sites More sharing options...
cooper Posted December 14, 2006 Share Posted December 14, 2006 I won't donate because their are many free, open source alternatives I'm with you. Quote Link to comment Share on other sites More sharing options...
CaveMan Posted December 14, 2006 Share Posted December 14, 2006 I won't donate because their are many free, open source alternatives I'm with you. quoted for emphasis Quote Link to comment Share on other sites More sharing options...
Dr Zaius Posted December 15, 2006 Share Posted December 15, 2006 SMF upload XSS vulnerability I admit that SMF has had a number of vulnerabilities over the years. But it's still in my opinion a lot better than other forum software with regards to the number and severity of security issues. None of the holes I've seen have ever made me particularly worried as they are only minor things, I've yet to see a single SMF board that has been hijacked, not that SMF is bullet-proof by any means, it just seems to be in my opinion a lot less prone to being exploited. I still maintain that a good administrator can prevent any security issues. Every vulnerability listing for SMF that I've seen has some sort of negative comment about the SMF development teams attitude to security, if they truly were so reckless then we would be seeing SMF boards being hijacked all the time and the entire userbase would be complaining about it, this isn't happening. If these holes really are such a huge issue then why aren't the discoverers of these holes making all us SMF administrators aware of their significance on the community forums? Thousands of administrators all complaining at once would change any "attitude problem". Quote Link to comment Share on other sites More sharing options...
VaKo Posted December 15, 2006 Share Posted December 15, 2006 I'm just working to the premis that there all hackable, so having good backups is a must. Quote Link to comment Share on other sites More sharing options...
Dr Zaius Posted December 15, 2006 Share Posted December 15, 2006 I'm just working to the premis that there all hackable, so having good backups is a must. Indeed there's always unpublished exploits and the risk of exploits in the related software: webserver, php, sql database etc, or an exploit in another application on the server that could allow an attacker to gain access. Don't let mine or anyone else's comments on security bias you, you should be choosing forum software based on functionality. Any security issues on any forum software can be mitigated by a good administrator, and as you say backups are critical. Quote Link to comment Share on other sites More sharing options...
Kateweb Posted December 15, 2006 Share Posted December 15, 2006 so what is wrong with the software now ? from a posters side it looks good it could use some tweeking but I have no real complaints. Quote Link to comment Share on other sites More sharing options...
cooper Posted December 15, 2006 Share Posted December 15, 2006 The problem is that phpbb doesn't have a really good way of dealing with spammers, and that the backend database tends to get slightly corrupted over time. The visible result of that is mostly nuicances like a post not appearing, but being counted for the page flow, allowing you to follow a link to a page in a discussion that has no posts on it. Also, there's been at least 1 occurrance of a post made by person A but being attributed to person B. Personally, I blame the MySQL backend the most as I just plain think it's a piece of shit database. But I guess it mostly boils down to phpbb being too heavy on the machine combined with the spam thing as being the biggest causes for wanting a change. Quote Link to comment Share on other sites More sharing options...
Kateweb Posted December 15, 2006 Share Posted December 15, 2006 well on my end I have started work on the flash pice that every one will have to watch b4 posting, if it gets desided that way it could help slow down spam, I would also sugest turuning on the option to manualy aprove new mwmbers.. but that just me. Quote Link to comment Share on other sites More sharing options...
cybershaman Posted December 24, 2006 Share Posted December 24, 2006 I can give (my personal) recommendation on using SMF. It was very easy to switch from phpBB to SMF. Also I think it's a lot easier/better to moderate/manage than phpBB. And the best part is... I haven't had a single spam register/post after the switch (about 4 months :)).......*knocking wood* Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.