[support] Best forums?

[Susan Stewart]

dupal1.no wrote:
> Please , explain.  Maybe I will learn something :-}
> 
> 
> 
> Susan Stewart skrev:
>> dupal1.no wrote:
>>   
>>> Hi Tim
>>> I supose it's the phpbb wich are the best.  http://www.phpbb.com/
>>>     
>>
>> Ugh.  phpbb is a security nightmare, not to mention a maintenance one.
>>
>> Susan
>>   
> 

phpbb isn't actually modular like drupal -- its add-ons require code to
be cut-and-pasted by hand into the phpbb core files.  This is a VERY
error-prone process, and a mistaken paste can break the whole system
visibly -- or worse, invisibly with a gaping security hole that isn't
obvious to the average admin.  Also, this becomes complicated the more
add-ons you get, as line numbers change (pasting 14 lines of code at
line 31 for module X makes your paste for module Y at line 984 31 lines
off), making the insertion of add-on code even more error-prone.

In order to upgrade to a new version or security patch, you must
re-install (i.e. re-cut-and-paste all of the add-ons you have).

Security patches don't come along as fast as I'd like them, but that's a
matter of personal preference, I guess.  I have extremely high
expectations for that sort of thing.

What's worse is the security holes that don't get fixed.  I ran a phpbb
forum for a couple of months, and discovered several cross-site
scripting, request forgery, and other vulnerabilities.  (I'm no security
expert, I'm sure there are more.)  Most of them had already been in the
phpbb issue tracker for weeks or more without being handled, and some
were critical.

It's entirely possible that phpbb has gotten their act in order since I
ran it a year and a half ago, but their reputation says otherwise.  I'm
quite happy with drupal forums (though I'd like to see some of the
changes we discussed during Drupalcon last month come through to make
them even better).  I can't imagine using phpbb again.

Susan