| 8:35 pm on May 25, 2004 (gmt 0)|
PHPNuke will do the job, but if you just need a forum, then use just forum software.
If you aren't going to use PHPNuke's extra features, why bother with it? It generates bigger page files, takes more server time to generate a page, and I've seen some people get overwhelmed by the layout of the blocks.
If you will use the extra features of PHPNuke, then go for it. And also check out alternatives like Drupal or Geeklog.
| 8:36 pm on May 25, 2004 (gmt 0)|
One good choice would be Geeklog with its forum plugin.
| 8:40 pm on May 25, 2004 (gmt 0)|
I use discus. They have a nice free version which has served me for years. It's in perl and is a mature product.
| 8:45 pm on May 25, 2004 (gmt 0)|
Im moving 100% away from phpNuke, too many hacks to deal with. Should be coded more with security in mind.
| 10:42 am on May 26, 2004 (gmt 0)|
I'm interested in your comments about moving 100% away from Php-Nuke.
I don't wan't to assume anything from your comments, however, it seems that you have had some "Not So" favorable issue (if I can use those words) with Php-Nuke. Would you care to expound upon them?
| 3:03 pm on May 26, 2004 (gmt 0)|
There's been kind of a buzz about security issues with PhpNuke, which might be a partial answer to your question, klickman - can anyone comment on whether there's anything to this issue, and whether the current distribution is reasonably secure?
| 3:37 pm on May 26, 2004 (gmt 0)|
PHP-Nuke and security:
My BBS is hosted off a server that's run (as a hobby) by a friend who's in the security business, as a project manager for one of the "big" security companies (he rose out of tech side - he knows what he's doing, he's not an MBA type project manager).
I asked him once if he could set aside a PHP directory for me, so I could play with and familiarize myself with PHP-Nuke, and a few other PHP packages in general.
He told me he would do it quite readily, in about 10 years when the security issues got worked out with PHP in general.
Its not just Nuke, aparently, there are a lot of issues with PHP in general. Nuke is just gaining a really bad rap because its widespread among the script kiddies, who use it and mod it heavily, taking a moderately unsecure platform, and opening up gaping big holes by tinkering with it in un-intelligent ways.
| 3:54 pm on May 26, 2004 (gmt 0)|
did a quick search:
gives a STAGGERING list of PHP-Nuke vulnerabilities.
A couple of specific ones:
NB: All the security wonks I know swear by Perl related apps for dynamic pages, BBSes, and such.
| 4:05 pm on May 26, 2004 (gmt 0)|
What an interesting response. I think that you may have opened up a "Can of Worms!" However, I must say an "Intersting Can of Worms" at that.
I must admit. At this point I think I need to take a step back and look at at the type of software that we want to use more closely.
Now the issue is whether Php,Cgi or any other format for that matter, what is going to be suitable for our forum in terms of forum security and reliability?
I guess the other related question regarding this matter is (and trust me it hasn't been dealt with yet) Is PhpNuke secure or stable enough to ward off attacks?
I believe any software is subject to attacks if given the zealous hacker time and reason.
The question that keeps popping in my mind is "Is PphNuke stable enough to run a forum?" If not why? I am sure that there must be a couple of PhpNuke users here who can shed some light on their experiences with this software...right? I sure hope so!
| 9:32 pm on May 26, 2004 (gmt 0)|
OH! I don't mean to slage Nuke by any means. The only reason I know there were security issues at all, is because I found the software fascinating, and was thinking of giving it a try.
There are a lot of successfull Nuke sites out there. From what I can gather, security wise, the issues are thus:
If you're putting it on your own server, best to brush up on your server security info. Nuke is going to create some holes that weren't there before, but by and large, there holes that can be plugged, from server side.
If you're putting it on a "hosted" server, make sure its PHP friendly. If so, then those server admins are prolly well aware of any security issues involved, and are actively seeking to confront those issues.
Stability: The Nuke sites I've seen seem quite stable, quick and responsive. But this is an outsider's view.
My Security Wonk Friend: Is paranoid to the power of 40. That's his job. Keep that in mind.
| 12:41 am on May 27, 2004 (gmt 0)|
Please be advised that i have not read 100% of the replies in this thread as i am out of time righ tnow...
I just wanted to give you a suggestion and that is:
STAY AWAY FROM PHPNUKE. lol
I have had nothing but problems with it from day 1.
Now if u have a phpnuke install and leave it stock, that might be a totally different story, but if u will be modding it, changing themes, trying to hack the forum it comes with (phpbb) u will have a SERIOUS load of problems.
My advise is to try something else that is more specfic to what u are doing.