The most recent (and serious) vulnerability that affected a lot of phpBB
users had to do with a vulnerability in the PHP language itself. You should
upgrade to PHP 4.3.10 to eliminate that vulnerability.
Absolutely true. And that's precisely why we use HTTP
authentication: the great thing about it is that the random
script-kiddies scanning your site can't pass *anything* into
PHP/MySQL until they authenticate. In a situation like ours, where
we keep our boards closed, only accessible to the students and
faculty, it cuts down on the risk significantly, for known and
*unknown* vulns.
This doesn't reduce the risk of vulnerabilities, it just limits where
any attacks can come from that exploits these vulnerabilities.
Yes, of course we keep our patches up to date, but I'm not up at
night worrying about who's found the latest php(BB) vuln and whether
it's been reported and patched. I mean, I still worry about the
thousand-odd people who do have access, but I don't have to worry
about the billions of people who don't.
Why not just use a stronger BBS application w/o a history of long
standing coding issues? Especially if you're deciding on a new
application?
--
-dhan
------------------------------------------------------------------------
Dan Shoop AIM: iWiring
Systems & Networks Architect http://www.iwiring.net/
email@hidden http://www.ustsvs.com/
iWiring designs and supports Internet systems and networks based on
Mac OS X, unix, and Open Source application technologies and offers
24x7, guaranteed support to registered clients, at affordable rates.
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden
