Security of JForum

 
Hi!

On your homepage you state that JForum is "very secure". What exactly does this mean? Can administrators only log in using https to avoid sending passwords in plaintext through the internet? Or should they install a client-certificate instead?

After logging in a few minutes ago, I was very surprised that no e-mail validation happened. So how can I prevent my forum from being flooded by spam?

--
Cheers,
Camper
[originally posted on jforum.net by camper]
 
Migrated From Jforum.net
There is security at the application level and security at the web level. HTTPS is security at the web level. You can't use it unless your web server has a certificate, either the private or "trusted" kind. As to individual Certificates... that's more of a web / security level issue as well. Don't know of any general application that supports that.

Of course, since jForum has an SSO mechanism, you can front-end it with any web-based security mechanism you feel you need for security.

As to other features:

E-mail validation on registration - can be turned on or off. Requires a good SMTP service, which Raphael opted not to maintain for this server.

Captcha (enter phrase from image) - can be turned on for either / both registration and new posts.

Overall / specific group security - The group permissions can be used to define anything from the level of "anonymous" access you want to having specific people only see specific forums, etc. Plus, things like searching have been set up to honor the security constraints as well.
[originally posted on jforum.net by monroe]
 
Another security feature could be that it's most likely not responding to SQL injection trials ... ^^

... considering how many apps on the web had such a leak... that's rather something good ;) Even phpBB at some point, like last year, still had an SQL injection flaw for several pages.
[originally posted on jforum.net by Sid]
 