[Web4lib] phpBB Alternative
Andrew R Stevens
asteven4 at gmu.edu
Fri Apr 11 18:43:25 EDT 2008
This thread covers the issue and athakur999 response jibes with my
understanding of the GPL.
http://www.phpbb.com/community/viewtopic.php?p=2828800&sid=40c921132e49f3318cf1feb5f253e704#p2828800
You can modify GPL software to your heart's content, but you can't
redistribute the modified version under a license other than GPL. In
short, you could strip out the "powered by" text,
Cloutman, David wrote:
> I'm looking at Vanilla too, now. I did the install yesterday. I haven't
> reached a final conclusion about it, yet. It seems a bit more straight
> forward than phpBB, but the permissioning system isn't as intuative as I
> might like. I hope once I figure it out, though, everything else is
> cake.
>
> On the security issue, phpBB definitely has a _history_ of security
> problems. Part of the problem, of course, it that it's so widely used,
> that a phpBB installation is a honeypot for hackbots. It might help if
> the public interface didn't say "phpBB" on the frontpage by default.
> Technically, I'm unclear as to whether I'm allowed to remove the
> copyright statement from the software under GPL. I really don't like
> advertising what software I'm using, though I'm not under the illusion
> that obscurity == security.
>
> Anyhow, the directory structure of phpBB is such that directories that
> should be private are placed in the document path. These days, I would
> never build a Web application that way. I'd put the installation in a
> completely different directory and use symbolic links in the document
> path to point to the public directory. I realize that probably adds a
> level of complexity to the installation process that some users might
> not be comfortable with, but it's a better design pattern.
>
> - David
>
>
> ---
> David Cloutman <dcloutman at co.marin.ca.us>
> Electronic Services Librarian
> Marin County Free Library
>
> -----Original Message-----
> From: web4lib-bounces at webjunction.org
> [mailto:web4lib-bounces at webjunction.org] On Behalf Of Andrew Stevens
> Sent: Friday, April 11, 2008 10:08 AM
> To: web4lib at webjunction.org
> Subject: Re: [Web4lib] phpBB Alternative
>
>
>
> I looked at Vanilla as well and generally like what I saw. Another
> thing that vanilla has over most other forum packages is that it has
> relatively few reported security vulnerabilities, while phpbb, according
>
> to Ed Finkler's research (see link below), is one of the most insecure.
>
> Ed Finkler
> funkatron.com :The PHP App Insecurity Top 20
> <http://funkatron.com/index.php/site/the_php_app_insecurity_top_20/>
>
> Chris Barr wrote:
>> Vanilla has a nice simple interface:
>>
>> http://getvanilla.com/
>>
>> --chris barr
>>
>> Cloutman, David wrote:
>>> Hi Everyone,
>>>
>>> I have a need to set up a forum for my Library's summer reading. We
> are
>>> hosting it internally on our Library's application server. I have
>>> installed phpBB, which seems to be the most popular tool for this. My
>>> problem is that I don't think phpBB is all that great. The more I use
>>> it, the more I hate it. I find the interface confusing, and I think
> our
>>> users may have problems with it as well. I'm particularly concerned
>>> about the Librarians who will have to moderate the posts. I don't
> want
>>> to have to do a formal training session on what really needs to be a
>>> quick and dirty solution.
>>>
>>> I am looking for a forum tool that:
>>>
>>> 1. Runs on PHP / MySQL OR JSP / MySQL / Tomcat and is easy to
> install.
>>> 2. Has a really simple interface.
>>> 3. Has a obvious mechanism for changing the branding of the masthead.
>>> 4. Has enough granularity in the security sytem to allow for
> registered
>>> users / moderators / administrators.
>>> 5. Permits the administrator to require approval of posts.
>>> 6. Has a really simple interface. (Yes, I said that twice.)
>>>
>>> Any recommendations or library success stories would be much
>>> appreciated.
>>>
>
More information about the Web4lib
mailing list