dupal1.no wrote:
> Please , explain. Maybe I will learn something :-}
>
>
>
> Susan Stewart skrev:
>> dupal1.no wrote:
>>
>>> Hi Tim
>>> I supose it's the phpbb wich are the best. http://www.phpbb.com/
>>>
>>
>> Ugh. phpbb is a security nightmare, not to mention
a maintenance one.
>>
>> Susan
>>
>
phpbb isn't actually modular like drupal -- its add-ons
require code to
be cut-and-pasted by hand into the phpbb core files. This
is a VERY
error-prone process, and a mistaken paste can break the
whole system
visibly -- or worse, invisibly with a gaping security hole
that isn't
obvious to the average admin. Also, this becomes
complicated the more
add-ons you get, as line numbers change (pasting 14 lines of
code at
line 31 for module X makes your paste for module Y at line
984 31 lines
off), making the insertion of add-on code even more
error-prone.
In order to upgrade to a new version or security patch, you
must
re-install (i.e. re-cut-and-paste all of the add-ons you
have).
Security patches don't come along as fast as I'd like them,
but that's a
matter of personal preference, I guess. I have extremely
high
expectations for that sort of thing.
What's worse is the security holes that don't get fixed. I
ran a phpbb
forum for a couple of months, and discovered several
cross-site
scripting, request forgery, and other vulnerabilities. (I'm
no security
expert, I'm sure there are more.) Most of them had already
been in the
phpbb issue tracker for weeks or more without being handled,
and some
were critical.
It's entirely possible that phpbb has gotten their act in
order since I
ran it a year and a half ago, but their reputation says
otherwise. I'm
quite happy with drupal forums (though I'd like to see some
of the
changes we discussed during Drupalcon last month come
through to make
them even better). I can't imagine using phpbb again.
Susan
--
[ Drupal support list | http://lists.drupal.org/
]
|
