Mailing Lists: Apple Mailing Lists


Re: phpBB



> The most recent (and serious) vulnerability that affected a lot of phpBB
> users had to do with a vulnerability in the PHP language itself. You should
> upgrade to PHP 4.3.10 to eliminate that vulnerability.

Absolutely true. And that's precisely why we use HTTP authentication: the great thing about it is that the random script-kiddies scanning your site can't pass *anything* into PHP/MySQL until they authenticate. In a situation like ours, where we keep our boards closed, only accessible to the students and faculty, it cuts down on the risk significantly, for known and *unknown* vulns. Yes, of course we keep our patches up to date, but I'm not up at night worrying about who's found the latest php(BB) vuln and whether it's been reported and patched. I mean, I still worry about the thousand-odd people who do have access, but I don't have to worry about the billions of people who don't. So if it suits your purposes (as in, no public access), I strongly suggest HTTP auth.
--
---------------------
Michael Beck
Systems Administrator
Head-Royce School
(510) 531-1300 x2190
---------------------
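
An added example, not part of the original post: one way to put HTTP authentication in front of a closed phpBB install so that unauthenticated requests are rejected before any PHP runs. It assumes Apache httpd with mod_ssl; the directory, realm name, and password-file path are hypothetical.

```apache
# Constructed example. All paths and names below are hypothetical.
# Create the password file outside the document root, e.g.:
#   htpasswd -c /etc/httpd/phpbb.htpasswd someuser
<Directory "/Library/WebServer/Documents/phpBB2">
    # Refuse plain-HTTP requests so Basic credentials are never sent unencrypted.
    SSLRequireSSL

    AuthType Basic
    AuthName "School forum"
    AuthUserFile /etc/httpd/phpbb.htpasswd

    # Applies to every HTTP method. Wrapping this line in <Limit GET POST>
    # would leave all other methods unauthenticated.
    Require valid-user
</Directory>
```

A request without credentials to any path under the directory, including direct requests to individual .php files, should come back as 401 before phpBB sees it.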
Macos-x-server mailing list (email@hidden)