[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <42B6BC06.60108@moritz-naumann.com>
Date: Mon Jun 20 13:56:02 2005
From: info at moritz-naumann.com (Moritz Naumann)
Subject: Security of phpBB
Tom Edwards wrote:
> I am new to this list and to security in general so please excuse my
> question. A friend told me that our forum software phpBB is not very
> secure and told me about this. Where can I get information on that? What
> must I do to make it secure?
Hi Tom,
many people are concerned about known and unknown security issues
related to phpBB. There have been a lot of security issues with it in
the past, have a look at
http://www.phpbb.com/security/final_reports.php
(or search the FD archives) for some of the latest.
The assumption many people make is that if so many vulnerabilities are
constantly discovered on this software, it can be assumed that there
still are many left and this application must thus be considered
insecure in general.
While I'm not saying this is a correct conclusion (and I'm also not
saying it was not), much less security issues have been discovered on
other wide-spread bulletin board softwares in the same time (which might
also be related to other factors such as their licensing terms and
pricing which make a comparison difficult, though).
Hope this helps a bit,
Moritz
Powered by blists - more mailing lists