Beer blog

The phpBBModders.net beer blog is not about beer, as the name may suggest. Here we discuss what’s going on in the phpBB world.


phpBB Blog?

by Semi_Deus on 13 Jul 2008, 16:41

And suddenly there was a blog...
Why a blog? Apparently some team members had to get some stuff off their minds. But what's it all about then? Three blog posts have already been published with some very interesting information.

It seems that wGEric was getting a lot of complaints about the long process of mod validation. As we can see here too :mrgreen: It is a clear statement of what needs to be done before a mod is validated, and what you should do to make it happen fast.

Also, battye has posted some interesting stuff about managing your forum not only on a technical level, as webmaster and administrator, but also on a user level, to ensure your users profit from your website in a great way.
All very nice and good information.

But what really stands out is the information provided by Kellanved.
It seems that certain rumors about security problems with phpBB3 are still wandering around. He is talking about an XSS problem with the private messaging system, SQL injection and administrator powers, and is constantly referring to a certain th0r. Who is this guy?
As Kellanved tells us, google him and you will see. So I did.

http://th0r.info/

This is the website that Kellanved, apparently, was referring to.
It is a hacker website, as it seems, and is full of info about insecure websites and other minor failures from which hackers could profit. But as Kellanved explains, there is no such thing as an XSS problem. You cannot inject SQL into phpBB3, and you certainly cannot give yourself administrator powers as a guest or registered user. These problems have been there, though. When?
Well Kellanved tells us: "Fixed a loooong time ago"

So his message really is, report anything you find, even if you are not sure.
But do not listen to these stories. Find errors yourself, and report them. If there are none, then phpBB is going the right way. But it seems that phpBB’s reputation regarding security has not yet recovered completely.

Cheers

Comments

This blog here is much nicer, in my opinion - the software-ish stuff, and aesthetics. Although I did like the topics there quite a bit.
harmlessgoat22
15 Jul 2008, 01:52

The blog on phpbb.com still doesn't look as nice as this one evil :D This one is great.
Crispy
10 Aug 2008, 16:43