February 14th, 2003, 06:46 PM
I am considering hosting a forum, but am concerned about the security of php-based software (like vbulletin).
Can anyone shed any insight as to what challenges I need to look for? Are there any features I should consider disabling?
Thx for your time.
February 14th, 2003, 08:22 PM
February 14th, 2003, 11:21 PM
phpBB is very secure. Try it. http://www.phpbb.com
February 14th, 2003, 11:53 PM
I think in scripts like vbulletin, the most (common) danger is cross site scripting bugs. And SQL injection. Just sign up for a decent bugtracking list and you should be fine. Disable things you think are not secure (like html code in posts). Backing up yer data is always useful, for some unexpected bug. Watch out with mods and ads... Use them if you like, but don't just paste code everywhere, not knowing what yer doing. Just take it easy and everything should be fine the first few times.
February 19th, 2003, 04:54 PM
Thanks for the responses, guys. I'll look into your suggestions.
On a similar note, the chat rooms on these forums....are they relatively secure? I'm headed to Bugtraq now, but I've heard of someone nabbing user IPs during chat sessions. I know of scripts for things like that on IRC, but didn't know the forum's Java code could be tweaked by a user. Of course, I'm assuming what I heard is actually true. Could be someone's empty claims....
February 19th, 2003, 05:36 PM
Bugtraq will only cover standard parts of the prebuilt system; when you start adding your own parts, you will have to code them correctly to prevent security holes. Take a look at www.owasp.org; this web site is the best place for web application security. It also includes a very good paper on how to secure a web application.
I hope that points you in the right direction
I'm a SittingDuck, but the question is "Is your web app a Sitting Duck?"