[ubuntu-uk] Web forum software for Ubuntu (Edgy server) - recommendations wanted

Paul Tansom paul at aptanet.com
Thu May 31 18:13:43 BST 2007 

** Lee Tambiah <leetambiah at ossgeeks.co.uk> [2007-05-31 17:15]:
> >
> >** Simon Elliott <ubuntu at sionide.net> [2007-05-30 23:08]:
> >I also avoid aptitude (or equivalent) installs of web applications
> >because they tend to lag behind in terms of patches which I like to keep
> >bang up to date with - personal opinion though :)
> >
> >--
> >Paul Tansom
> >
> I'd second that! But lets not put FUD into PHP, it is secure providing it
> has been programmed to be secure! Providing you keep upto date you shouldn't
> have any major security exploits. I run a wordpress blog which is php based,
> and never had any security issues. But I believe my hosters have a lot a
> good set up to prevent exploits.
> 
> Lee
** end quote [Lee Tambiah]

Not intending to FUD anyone there, I'm hoping I managed to stick to
facts, although your quoted section misses the main PHP comment. PHP I
do keep maintained via aptitude, but an application such as PHPBB,
Joomla, Squirrelmail or etc. (PHPBB being the only one I've run on the
server) I tend to go straight to source with for both flexibility and
speed of updates.

I am no PHP programmer, largely due to lack of time and need to use it,
but also I wasn't too keen on the way it jumbled up within the HTML of a
web page (although this is partly the personal choice of the programmer
of the code I looked at way back when). I've read many comments on
design choices within PHP being inherently insecure, but then I've also
read comments detailing that these are only insecure when combined with
particular programming styles - so where the blame lies is open to much
debate :)

My comment was based on one incident on a fully patched installation of
PHP and PHPBB on a Debian stable server (I think only the last part was
missing from my original), as I commented. The rest of my personal
dislike was directed at PHPBB, and again is personal opinion - based on
far too much time spent clearing out unwanted users and posts. If
someone can suggest a could selection of mods and an easy way of
maintaining them across updates I may try it again - it is popular
enough, so it can't be that bad can it - hmm, could that be said of
Windows ;)

-- 
Paul Tansom | Aptanet Ltd. | http://www.aptanet.com/
====================================================================                                
Aptanet Ltd. | Registered in England | Company No: 4905028                                          
Registered Office:                                                                                  
Crawford House, Hambledon Road, Denmead, Waterlooville, Hants., PO7 6NU

More information about the ubuntu-uk mailing list