|
Home > Archive > Certified Internet Webmaster - CIW > June 2002 > FORUMS how to?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
|
|
|
| My dear friends,
I need your help; can any one lead me to:
1- A site with information on how to build a web forum using php & mysql.
2- Any site that sells FORUMS.
3- Any site talking about forums security issues, and how to make your forum more secure against intruders and bad hackers?
My best regards. | |
| idiotprogram 2002-05-31, 10:50 am |
| if you have apache/mysql/php it is pretty easy to find good forum software. One of the best available now is phpBB. But there are really many. Usually the instructions for these programs are on the site where you can download the forum. My observation has been that developers often post security/bug reports. I know PhpBB had a major vulnerability that was addressed recently.
I'm no programmer, but from the administrator's point of view, forum vulnerabilities usually arise from forgetting to set the permissions right or leaving the default password.
A lot of the vulnerabilities can arise from the scripting language you use (i.e., php). Interestingly, being able to deploy and patch applications like this is pretty important to administrators, and yet Master CIW Administrator exams hardly test this. And the 1D0-441 CIW Database Specialist exam just covers basic sql principles.
Of course, it's unreasonable for the exams to test on specific applications with different platforums. But it's interesting that the ciw exams don't appear to test about patching procedures.
rj | |
|
| Thank You Man 
Thank you, a great forum but I need to study the security issue very will.
I have another question: how can the administrator control a forum in a diplomatic polite way considering a situation of embarrassing questions from a user of the forum, to clarify more let say some one made his/her own forum about a (e.g. religious, culture, … issues) he/she don't want to talk about certain things in this forum which a lot of users may talk about how can he/she -the admin- control this situation without hurting the feelings of the users who try to talk about that subject? Is there any way of smart filtration before a user can submit his/her question/opinion?
Is there a way to control the forum before a user can submit to it; so that nobody will have the chance to read it?
Ok I know that someone will say that a forum must be open! That’s true but there are red lines; you know!
quote:
Originally posted by idiotprogram
if you have apache/mysql/php it is pretty easy to find good forum software. One of the best available now is phpBB. But there are really many. Usually the instructions for these programs are on the site where you can download the forum. My observation has been that developers often post security/bug reports. I know PhpBB had a major vulnerability that was addressed recently.
I'm no programmer, but from the administrator's point of view, forum vulnerabilities usually arise from forgetting to set the permissions right or leaving the default password.
A lot of the vulnerabilities can arise from the scripting language you use (i.e., php). Interestingly, being able to deploy and patch applications like this is pretty important to administrators, and yet Master CIW Administrator exams hardly test this. And the 1D0-441 CIW Database Specialist exam just covers basic sql principles.
Of course, it's unreasonable for the exams to test on specific applications with different platforums. But it's interesting that the ciw exams don't appear to test about patching procedures.
rj
| |
|
| quote:
Originally posted by Narm
[B]Is there any way of smart filtration before a user can submit his/her question/opinion?
Is there a way to control the forum before a user can submit to it; so that nobody will have the chance to read it?
You can establish filters that will scan for certain words. Most boards will use this to look for "vulgar" words - and often to replace them with nonsense text to avoid offense. But there's no intrinsic reason you couldn't use the same technique, e.g., to prevent a post from posting, or to cause a post to be emailed to you before it goes on the board.
Problem is, while it's fairly simple to scan for four-letter words, it's fairly difficult to scan for, say, religious content - there are a lot of terms that would need to be screened, and the same terms could be used for completely innocuous posts.
Some commercial sites manually screen all posts before they are posted publicly - so you may have a 24- to 48-hour delay in between when you submit a post and when you see it on the board. This is the most foolproof method of controlling content, but is not the best approach if you have a very active board, where people engage in conversations with one another - where you may need more "immediacy".
A close second is having a moderated forum, placing a link in every post that enables that post to be reported to a moderator, and making sure that a mod is always around. The mod may occasionally miss something, but it's unlikely that they would miss a large, ongoing discussion where people are becoming offended... This would allow more immediacy of discussion, but still give reasonable control.
In my experience, moderated forums work best if the forum rules are stated very clearly, and if moderators explain why they have deleted posts. Where mods don't do this, you can get all kind of speculation about what's going on, and why, and it doesn't help the forum regulars understand what the rules are.
Oh - and if you draw lines more starkly than other sites do, expect reasonable hostility from folks who believe you're violating their free speech rights... ;-) It doesn't mean you can't regulate speech on your own forum (although, trust me, you will run into lots of people who think that it's unconstitutional for you to do so) - but you will need to be prepared to respond calmly and nondefensively to explain what you have done, and why, or things can get a bit hostile... | |
|
|
| Hacker 2002-06-04, 2:47 am |
| quote:
[i]
1- A site with information on how to build a web forum using php & mysql.
www.sitepointforums.com
2- Any site that sells FORUMS.
www.vbulletin.com
3- Any site talking about forums security issues, and how to make your forum more secure against intruders and bad hackers?
www.cissp.org
My best regards. [/B]
| |
|
| Very informative answers
Thank you friends
I have downloaded phpBB just amazing, but still i need more study to the security issues.
Thank you again. |
|
|
|
|