[Web4lib] phpBB Alternative

Cloutman, David DCloutman at co.marin.ca.us
Fri Apr 11 16:26:42 EDT 2008


I'm looking at Vanilla too, now. I did the install yesterday. I haven't
reached a final conclusion about it, yet. It seems a bit more
straightforward than phpBB, but the permissioning system isn't as
intuitive as I might like. I hope once I figure it out, though,
everything else is cake.

On the security issue, phpBB definitely has a _history_ of security
problems. Part of the problem, of course, is that it's so widely used,
that a phpBB installation is a honeypot for hackbots. It might help if
the public interface didn't say "phpBB" on the frontpage by default.
Technically, I'm unclear as to whether I'm allowed to remove the
copyright statement from the software under GPL. I really don't like
advertising what software I'm using, though I'm not under the illusion
that obscurity == security. 

Anyhow, the directory structure of phpBB is such that directories that
should be private are placed in the document path. These days, I would
never build a Web application that way. I'd put the installation in a
completely different directory and use symbolic links in the document
path to point to the public directory. I realize that probably adds a
level of complexity to the installation process that some users might
not be comfortable with, but it's a better design pattern.

- David


---
David Cloutman <dcloutman at co.marin.ca.us>
Electronic Services Librarian
Marin County Free Library 
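
The layout described in the message above (installation outside the document path, with a symbolic link exposing only the public directory), as an added example that is not part of the original post or of phpBB. The directory and file names (`htdocs`, `apps/forum`, `public`, `includes`, `cache`, `config.php`) and the function names are constructed for illustration; the script builds both layouts in a temporary directory and counts the private files reachable under the document path in each.

```shell
#!/bin/sh
# Added example: directory and file names below are constructed, not phpBB's real layout.

# Physical path of a directory, with symlinks resolved.
realdir() { (cd "$1" 2>/dev/null && pwd -P); }

# Populate an application tree: one public entry point plus private files.
make_app() {
    mkdir -p "$1/public" "$1/includes" "$1/cache"
    echo 'front controller' > "$1/public/index.php"
    echo 'db credentials'   > "$1/config.php"
    echo 'library code'     > "$1/includes/db.php"
    echo 'session data'     > "$1/cache/sess_1"
}

# Layout 1: the whole application is unpacked inside the document path.
build_flat() { mkdir -p "$1/htdocs" && make_app "$1/htdocs/forum"; }

# Layout 2: application lives elsewhere; only public/ is linked into the document path.
build_split() {
    mkdir -p "$1/htdocs" && make_app "$1/apps/forum"
    ln -s "$1/apps/forum/public" "$1/htdocs/forum"
}

# exposed_private DOCROOT PUBLICDIR
# Print the real path of every file reachable under DOCROOT (following
# symlinks, as a web server configured to follow them would) that does
# not live inside PUBLICDIR.
exposed_private() {
    pub=$(realdir "$2") || return 2
    find -L "$1" -type f | while IFS= read -r f; do
        d=$(realdir "$(dirname "$f")") || continue
        case "$d/" in
            "$pub"/*) ;;                                  # served on purpose
            *) printf '%s\n' "$d/$(basename "$f")" ;;     # private, yet reachable
        esac
    done | sort
}

count_exposed() { exposed_private "$1" "$2" | wc -l | tr -d ' '; }

# Demo on throwaway directories.
demo=$(mktemp -d)
build_flat "$demo/flat"
build_split "$demo/split"
echo "flat layout:  $(count_exposed "$demo/flat/htdocs" "$demo/flat/htdocs/forum/public") private files under the document path"
echo "split layout: $(count_exposed "$demo/split/htdocs" "$demo/split/apps/forum/public") private files under the document path"
rm -rf "$demo"
```

With Apache, a symlinked directory is served only when `FollowSymLinks` or `SymLinksIfOwnerMatch` is enabled for that path.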

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Andrew Stevens
Sent: Friday, April 11, 2008 10:08 AM
To: web4lib at webjunction.org
Subject: Re: [Web4lib] phpBB Alternative



I looked at Vanilla as well and generally like what I saw.  Another 
thing that vanilla has over most other forum packages is that it has 
relatively few reported security vulnerabilities, while phpbb, according
to Ed Finkler's research (see link below), is one of the most insecure.

Ed Finkler
funkatron.com: The PHP App Insecurity Top 20
<http://funkatron.com/index.php/site/the_php_app_insecurity_top_20/>

Chris Barr wrote:
> Vanilla has a nice simple interface:
> 
> http://getvanilla.com/
> 
> --chris barr
> 
> Cloutman, David wrote:
>> Hi Everyone,
>>
>> I have a need to set up a forum for my Library's summer reading. We are
>> hosting it internally on our Library's application server. I have
>> installed phpBB, which seems to be the most popular tool for this. My
>> problem is that I don't think phpBB is all that great. The more I use
>> it, the more I hate it. I find the interface confusing, and I think our
>> users may have problems with it as well. I'm particularly concerned
>> about the Librarians who will have to moderate the posts. I don't want
>> to have to do a formal training session on what really needs to be a
>> quick and dirty solution.
>>
>> I am looking for a forum tool that:
>>
>> 1. Runs on PHP / MySQL OR JSP / MySQL / Tomcat and is easy to install.
>> 2. Has a really simple interface.
>> 3. Has an obvious mechanism for changing the branding of the masthead.
>> 4. Has enough granularity in the security system to allow for registered
>> users / moderators / administrators.
>> 5. Permits the administrator to require approval of posts.
>> 6. Has a really simple interface. (Yes, I said that twice.)
>>
>> Any recommendations or library success stories would be much
>> appreciated.
>>

