Security of JForum

 
Ranch Hand
Posts: 17424
Hi!

On your homepage you state that JForum is "very secure". What exactly does this mean? Can administrators only log in using https to avoid sending passwords in plaintext through the internet? Or should they install a client-certificate instead?

After logging in a few minutes ago, I was very surprised that no e-mail validation happened. So how can I prevent my forum from being flooded by spam?

--
Cheers,
Camper
[originally posted on jforum.net by camper]
 
Migrated From Jforum.net
There is security at the application level and security at the web level. HTTPS is security at the web level. You can't use it unless your web server has a certificate, either the private or "trusted" kind. As to individual Certificates... that's more of a web / security level issue as well. Don't know of any general application that supports that.

Of course, since jForum has an SSO mechanism, you can front-end it with any Web-based security mechanism you feel you need for security.

As to other features:

E-mail validation on registration - can be turned on or off... requires a good SMTP service... which Raphael opted not to maintain for this server.

Captcha (enter phrase from image) - can be turned on for either / both registration and new posts.

Overall / specific group security - The group permissions can be used to define everything from the level of "anonymous" access you want to having specific people only see specific forums, etc. Plus things like searching have been set up to honor the security constraints as well.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Another security feature could be that it's most likely not responding to SQL injection trials ... ^^

... considering how many apps on the web had such a leak... that's rather something good ;) Even phpBB at some point like last year still had an SQL injection flaw for several pages.
[originally posted on jforum.net by Sid]
 