Reviews and Ratings

phpBB is more secure than you think
5.0
 
written over 15 years ago

More often than not, the most vocal critics of phpBB's security track record are those who know the least about security, in general. They hate phpBB because, so long as they're running phpBB, they'll feel like they always have to keep it up-to-date. So they use an alternative. So they don't have to stay up-to-date.

I can't even remember the last time phpBB had a vulnerability. In the run-up to 3.0.0's release, phpBB even got a security audit from Stefan Esser:

http://www.sektioneins.de/content/en.4558.24.28502.content2.html

This is the same Stefan Esser that rsnake, of ha.ckers.org, said the following of:

"There aren’t many people on the Internet who I think could hack just about anything - but Stefan Esser is definitely one of them"

http://ha.ckers.org/blog/20070820/hackersorg-challenge-logic-flaw/

That, to me, suggests that phpBB really does care about security. More than any other open source project I know. When was the last time any of phpBB's competitors got Stefan Esser to do an audit for them?

And as for the fact that even phpBB3 has mentioned security issues in their changelog... take a look at this:

http://secunia.com/advisories/graph/?type=cri&period=all&prod=17998

Two vulnerabilities of the least critical kind since phpBB3 had its first beta almost three years ago. Contrast that with vBulletin:

http://secunia.com/advisories/graph/?type=cri&period=all&prod=3212

Twenty-three vulnerabilities, 9% of which have been highly critical, 35% of which have been less critical, and 43% of which have been less critical.

Or how about PunBB?:

http://secunia.com/advisories/graph/?type=cri&period=all&prod=3700

Fifteen vulnerabilities, of which 13% have been highly critical, 47% of which have been moderately critical, and 33% of which have been less critical.

And SMF:

http://secunia.com/advisories/graph/?type=cri&period=all&prod=5285

Twelve vulnerabilities, 8% of which have been highly critical, 33% of which have been moderately critical, and 50% of which have been less critical.

If you're at all concerned about security, you should actually consider switching /to/ phpBB3 - not from it.

2 out of 3 users found the following review helpful.