plug-discuss archives

Chip Nielsen plug-discuss@lists.plug.phoenix.az.us
Sun, 1 Sep 2002 23:21:42 -0700 

I've done some research into security vulnerabilities related to phpBB.
Most of the vulnerabilities seem to be in older versions of the software.
The most recent bug affected version 2.0 but there are new releases that fix
this issues. I feel as long as someone keeps on top of new updates to
the software, the security risk is fairly low. Of course, the backend
database would need to be secured properly as well.

PHPBB is very easy to install and maintain. As far as injecting 
mailing list content, that could be done using a script and properly
inserting the messages into the database. All you need is a little
time and some Perl code.


-----Original Message-----
From: plug-discuss-admin@lists.plug.phoenix.az.us
[mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of David
Uhlman
Sent: Sunday, September 01, 2002 10:58 PM
To: plug-discuss@lists.plug.phoenix.az.us
Subject: Re: plug-discuss archives


Actually this of course ties into the plug website business, I would think
it really great to have forums that are dynamically filled with content from
the mailing list. Those that like the list could cheerfully ignore them and
if we put some though into it I think we can have a sane mechanism for
contributing from the forum to the list (I mean that figuratively rather
than literally, eg a good message tracking system so that the forum viewer
can create an email to send to the list rather than an automated system that
could fill the list with junk)

PHPBB seems a forerunner as it ties well to postnuke, however I have heard
it has or has had some serious security problems. Can the security problems
be confirmed? or is there a comparable alternative, especially on with good
aesthetics? After looking at the list on phpadvisory it doesn't look all
that good. I will note that there are several very high profile sites using
though, what have they done to secure it?

Sincerely,
David Uhlman
CTO 50km Inc.

----- Original Message -----
From: "Chip Nielsen" <chipn@intraworx.net>
To: <plug-discuss@lists.plug.phoenix.az.us>
Sent: Sunday, September 01, 2002 10:20 PM
Subject: RE: plug-discuss archives


> Vic,
>
> Perhaps consider setting up forums? Mailing lists are more
> real-time, but forums allow better subdivision of topics
> and archiving of messages.
>
> Just a thought.
>
> I'd be willing to help out with administration of the
> web site. Not a web designer, but I can help with
> anything else.
>
> Chip Nielsen
>
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss