On Wed, 2012-08-08 at 20:07 +0100, Karanbir Singh wrote:
> On 08/08/2012 08:01 PM, John R. Dennison wrote:
> > phpBB has one of the worst track records for forum packages with regards
> > to security issues and they have, as Les mentioned, been promising to
> > "fix" the heart of the problem for many, many years now. Quite a few
> > years ago I grew tired of the "phpBB security hole of the week" game,
> > transitioned everything to SMF, and never once looked back. I routinely
> > turn down gigs that want phpBB if I am unable to convince them to go
> > with SMF - it's just not worth the headaches.
> Is it possible to quantify this phpbb security issue ?
I see that the security issue risk has already been debunked but wish to
ass my personal opinion. +1 for phpbb 3.x
I have been running 3 phpbb3 forums since 2009, and in that time have
had zero problems with security issues. The admin pages warn you if you
are not up to date and updates are easy. There has not been anything
significant for quite some time. 2 of these 3 sites rank quite highly on
google searches for the content in question, so they are visible.
The only mod I required was for a 'quick reply' box so that you could
enter your reply without having to load the full blown editor.
Updates have been quick and easy to install, even to the point of
automating diffs of the slightly patched theme and letting you review
the changes. I have not had to reinstall my mod, despite the newer
template patches being merged in.
Themes are plentiful (though many dont stretch properly to a wide screen
monitor - a personal annoyance of mine) but its not hard to find one
that does on one of the phpbb3 theme sites.
The app scales well, My three forums are running on a one old pentium 4
chassis, and one of the forums record a record of 50 concurrent users,
yet the load monitoring shows cpu load rarely exceeds 5%.
It works well on centos 5 & 6
It is highly configurable, I can confirm the wish list matrix is still
correct. Its also widely used and supported - if you need to figure
something out its not hard to find info.
CentOS-devel mailing list