posted
I'm setting up a web site for my sister's wedding, and I have some basic forum software I'd like to set up to let guests chat about the wedding, make plans to meet or get picked up at the airport, etc. However, distributing passwords will be difficult. How crazy is it to allow non-registered users to post to a forum?
Are there a lot of people who go around looking for forums to post crap in?
posted
We gave passwords for our wedding site, and I can tell you freaks tried to get in more than once.
Posts: 3526 | Registered: Oct 2001
| IP: Logged |
posted
A Wiki might be a good alternative to a regular forum. They have very powerful CVS system that allows you to rollback new (malignant) posts.
Posts: 903 | Registered: May 2003
| IP: Logged |
posted
No, not really. The main difficulty is identifying who everyone is when they just show up as 'Guest'. Sakeriver allows guest posting, and they've only had one or two spam posts (that I've seen).
Posts: 5422 | Registered: Dec 2001
| IP: Logged |
posted
True, I had forgotten that option. In phpbb you can set account activation to 'none' so they don't have to wait for an e-mail or any of that goofy stuff.
Posts: 5422 | Registered: Dec 2001
| IP: Logged |
posted
I'll think about that option, but I'm not sure how it works in my setup. I'm using Mambo for CMS and SimpleBoard for the forums because it integrates with Mambo more easily than most others.
The forums won't be critical to the site, so I may just let things ride and lock them down if trouble starts. Sake's experience makes me feel a lot better about it.
posted
Just make sure that, whatevr you do and whatever you go with, you have the safest version possible. From what I've been reading - and unfortunately, I'm at that level of knowledge where I know enough to be dangerous, not useful - a lot of them can be exploited very easily and a hacker can take over your entire site. Especially if you're using an older version with a known exploit.
Other geeks, much geekier than I, can give you good advice on what to do and what not to do.
posted
Heh. Basically, there are tons of crappy forum softwares out there, at least as far as security is concerned. Heck, they're generally crappy as far as coding standards go, which is usually why the security is crappy.
I can't count how many forum softwares out there sprinkle SQL all over the place instead of abstracting them out into library functions (well, usually methods on an access object), virtually guaranteeing that under some circumstance there's an SQL injection attack possible.
Posts: 15770 | Registered: Dec 2001
| IP: Logged |
posted
It's OK - I'm still learning the ropes. The menu system isn't as flexible as I like. For instance, I can't add all the articles in a given category to the menu. I have to manually add a menu item for each article I want to appear. It also has a security model that's not flexible enough to handle fine-grained availability.
But, it allows me to get content up far faster than I could otherwise, and in a fairly well-organized fashion. The templating system is decent, although it uses tables for layout, and the search capabilities are good.
Plus, there's a lot of modules and components available for it.
As for security, there has been one SQL injection attack hole that was recently fixed. I can't speak to whether it's totally secure, though.
Printer-friendly view of this topic
![[Big Grin]](biggrin.gif)
