dupal1.no wrote:
Please , explain. Maybe I will learn something :-}
Susan Stewart skrev:
dupal1.no wrote:
Hi Tim I supose it's the phpbb wich are the best. http://www.phpbb.com/
Ugh. phpbb is a security nightmare, not to mention a maintenance one.
Susan
phpbb isn't actually modular like drupal -- its add-ons require code to be cut-and-pasted by hand into the phpbb core files. This is a VERY error-prone process, and a mistaken paste can break the whole system visibly -- or worse, invisibly with a gaping security hole that isn't obvious to the average admin. Also, this becomes complicated the more add-ons you get, as line numbers change (pasting 14 lines of code at line 31 for module X makes your paste for module Y at line 984 31 lines off), making the insertion of add-on code even more error-prone.
In order to upgrade to a new version or security patch, you must re-install (i.e. re-cut-and-paste all of the add-ons you have).
Security patches don't come along as fast as I'd like them, but that's a matter of personal preference, I guess. I have extremely high expectations for that sort of thing.
What's worse is the security holes that don't get fixed. I ran a phpbb forum for a couple of months, and discovered several cross-site scripting, request forgery, and other vulnerabilities. (I'm no security expert, I'm sure there are more.) Most of them had already been in the phpbb issue tracker for weeks or more without being handled, and some were critical.
It's entirely possible that phpbb has gotten their act in order since I ran it a year and a half ago, but their reputation says otherwise. I'm quite happy with drupal forums (though I'd like to see some of the changes we discussed during Drupalcon last month come through to make them even better). I can't imagine using phpbb again.
Susan