Security of JForum

 
Ranch Hand
Posts: 17424
Hi!

On your homepage you state that JForum is "very secure". What exactly does this mean? Can administrators only log in using https to avoid sending passwords in plaintext through the internet? Or should they install a client-certificate instead?

After logging in a few minutes ago, I was very surprised that no e-mail validation happened. So how can I prevent my forum from being flooded by spam?

--
Cheers,
Camper
[originally posted on jforum.net by camper]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
There is security at the application level and security at the web level. HTTPS is security at the web level. You can't use it unless your web server has a certificate, either the private or "trusted" kind. As to individual Certificates... that's more of a web / security level issue as well. Don't know of any general application that supports that.

Of course, since jForum has an SSO mechanism, you can front end it with any Web-based security mechanism you feel you need for security.

As to other features:

E-mail validation on registration - can be turned on or off. Requires a good SMTP service, which Raphael opted not to maintain for this server.

Captcha (enter phrase from image) - can be turned on for either / both registration and new posts.

Overall / specific group security - The group permissions can be used to define anything from the level of "anonymous" access you want to having specific people only see specific forums, etc. Plus things like searching have been set up to honor the security constraints as well.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
Another security feature could be that it's most likely not responding to SQL injection trials ... ^^

... considering how many apps on the web had such a leak... that's rather something good ;) Even phpBB at some point like last year still had an SQL injection flaw for several pages.
[originally posted on jforum.net by Sid]
 