There have definitely been some major vulnerabilities for phpBB,
but the same holds for most of the alternatives, and the phpBB team
seem to be much better these days with at least keeping users
easily informed about security problems.
Also, if you're interested, it's pretty easy to supplement phpBB's
built-in auth routines with HTTP authentication. Depending on where
you do it, you can make a completely closed board, where users can't
even touch the pages until they authenticate with a valid user/pass.
You can also keep the registration page open, so that they can
register but not see the rest of the board. Obviously this only make
sense for closed or semi-closed communities - allowing public
browsing defeats the purpose. But it's much more secure if it suits
your application.
This does not increase the [in]security of the code at all. At best
you're just limiting nefarious activity to ppl that authenticate, the
problems still persists. And even just permitting access to your
registration page is enough for a compromise.
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
email@hidden http://www.ustsvs.com/
iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
