Full Disclosure mailing list archives
Re: Security of phpBB
From: Daniel <deeper () gmail com>
Date: Mon, 20 Jun 2005 14:14:12 +0100
Tom,

It pretty much breaks down to 3 questions:

1: Will it be web facing at all (or are we looking at an internal server only)?
2: Is this for company confidential information, or general chatter?
3: What other products have you looked at?

To be honest, I'd recommend Phorum http://phorum.org/ as it's far more secure than phpBB (which incidentally I now use to teach people how not to produce web applications).

Also, adding another layer like mod_security, http://modsecurity.org, also helps.

Daniel
OWASP.org

On 6/20/05, Moritz Naumann <info () moritz-naumann com> wrote:
> Tom Edwards wrote:
>> I am new to this list and to security in general so please excuse my question. A friend told me that our forum software phpBB is not very secure and told me about this. Where can I get information on that? What must I do to make it secure?
>
> Hi Tom,
>
> many people are concerned about known and unknown security issues related to phpBB. There have been a lot of security issues with it in the past, have a look at http://www.phpbb.com/security/final_reports.php (or search the FD archives) for some of the latest.
>
> The assumption many people make is that if so many vulnerabilities are constantly discovered in this software, it can be assumed that there still are many left and this application must thus be considered insecure in general.
>
> While I'm not saying this is a correct conclusion (and I'm also not saying it was not), far fewer security issues have been discovered in other widespread bulletin board software in the same time (which might also be related to other factors such as their licensing terms and pricing which make a comparison difficult, though).
>
> Hope this helps a bit,
> Moritz
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/