1

(12 replies, posted in PunBB 1.2 discussion)

middleground --

Thanks for the link.  That's a lot to look out for.  I've bookmarked it.

Rickard --

Thanks for the explanation (and thanks for all of your work on the software too :) ).  It's certainly reassuring (and it's great that someone's doing a security audit!).  I'll post again here to let you know if we end up using PunBB.

2

(12 replies, posted in PunBB 1.2 discussion)

Well, we need a single sign-on point (granted, this could be done with separate DBs).  But also, the application we're going to be integrating forums into will serve many many purposes for the organization, including e-commerce, tracking entry points into the site, and more.  The forums will be serving as support groups, and the ability to read and post in each forum will depend on some of the (yes, sensitive) data in the rest of the DB.

Moreover, the organization's administrators need to be able to run complex queries that use both forum tables and tables from the rest of the application we'll be building, which would be much more complicated to implement with multiple DBs.  And the database, with all of this info, including some parts of the forum data, will serve as the central data store for the organization (yes, we'll be backing it up AT LEAST weekly).

3

(12 replies, posted in PunBB 1.2 discussion)

Connorhd wrote:

security releases aren't bad, it just means rickard is addressing the problems ASAP

Of course it's good to know that they're being dealt with immediately.  I guess my concern is that there are enough security bugs left in the code for one to be found every month.  If someone were to get unauthorized access to our database (or worse, our server) it could be a critical problem.

Personally, I don't know enough about all of the different potential security problems to do a security audit of the code -- otherwise I could just look through and fix anything I saw that looked like it could cause problems.  Maybe that makes me underqualified to work on code that accesses a critical database anyhow...

Actually, with that in mind, does anyone know of a good resource for learning about PHP security beyond addslashes() and register_globals and not including files based on request variables?

thx!
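As an added illustration for the question above (not code from PunBB or from anyone in this thread), each of the three pitfalls it names is shown as the risky pattern beside a safer one; the `$pdo` connection, the `users` table and the `pages/` directory are assumed.

```php
<?php
// Added illustration, not PunBB code: the three PHP pitfalls named in the post,
// each as the risky pattern beside a safer one. Assumes a PDO connection in
// $pdo, a users(id, username) table and a pages/ directory of includable files.
declare(strict_types=1);

// 1. SQL: addslashes() only escapes; the value still lands inside query text,
//    and its correctness depends on the connection charset. A prepared statement
//    keeps data and SQL separate, so no escaping decision is needed at all.
function find_user_unsafe(mysqli $db, string $name)
{
    $name = addslashes($name); // escaping, not separation of code and data
    return $db->query("SELECT id FROM users WHERE username = '$name'");
}
function find_user_safe(PDO $pdo, string $name): ?int
{
    $stmt = $pdo->prepare('SELECT id FROM users WHERE username = :name');
    $stmt->execute([':name' => $name]);
    $id = $stmt->fetchColumn();
    return $id === false ? null : (int) $id;
}

// 2. register_globals: never assume a variable was set by your own code.
//    Read state from an explicit, server-side source and initialise everything.
function is_admin_unsafe(): bool
{
    global $is_admin; // with register_globals on, a request parameter can set this
    return !empty($is_admin);
}
function is_admin_safe(array $session): bool
{
    return isset($session['user_id']) && ($session['is_admin'] ?? false) === true;
}

// 3. Dynamic include: a request value must never choose a file by name.
//    Map it through an allowlist of known pages and fall back to a default.
const PAGES = ['home' => 'home.php', 'faq' => 'faq.php', 'contact' => 'contact.php'];

function page_file_unsafe(string $page): string
{
    return __DIR__ . '/pages/' . $page . '.php'; // path chosen by the client
}
function page_file_safe(string $page): string
{
    if (!array_key_exists($page, PAGES)) {
        $page = 'home'; // unknown value maps to a known file, never to the input
    }
    return __DIR__ . '/pages/' . PAGES[$page];
}
```

The `*_safe` variants are the ones a reviewer would expect to see when auditing code that touches a shared database.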

4

(12 replies, posted in PunBB 1.2 discussion)

Hi,

I'm considering integrating PunBB into an upcoming open source project (it seems to be the best compromise between cleanly coded and feature-complete that I've found), but I'm concerned about security.  From what I can gather from the homepage, PunBB seems to have had security problems requiring updates around once a month recently (phpBB has published only 2 such security updates in the last 12 months, AFAICT).

Is PunBB secure enough to integrate into an application that will access a database that also contains sensitive user information?  What would I need to do in order to make it that secure?

Thanks for your help!