Blog Documentation Try Vanilla Cloud
Please upgrade here. These earlier versions are no longer being updated and have security issues.
HackerOne users: Testing against this community violates our program's Terms of Service and will result in your bounty being denied.
Options

All Security Points; Keep your host and dashboard out of strange hands!

qwentyqwenty New
edited May 2012 in Vanilla 2.0 - 2.8

Plz, Share any your experience :) about how your forum is in a safe mode! a bit point can be useful as I maybe don't know that.

Hint anything can make our forum secure, far from black hackers hands! See this link which is MyBB security point, I was wondering if is there any such guideline for Vanilla or something you know that maybe others doesn't know it?!

As first, I've a question: for installing, it's need to grant to the below three folders the permission of 777(rwx); what about after installation process? will it swap to 755?

cache, conf, uploads

(/conf/config.php is keeping database username & password)

Tagged:

Answers

  • Options
    422422 Developer MVP

    Took me a minute or two to recognise the image lol

    There was an error rendering this rich post.

  • Options
    qwentyqwenty New
    edited May 2012

    Using different (and many) plugins, does it increase risk of being in hazardous?

    422 said:
    Took me a minute or two to recognise the image lol

    And then?

  • Options
    qwentyqwenty New

    Yeah! any point -> Does it mean Vanilla is completely SAFE? :-)

  • Options
    peregrineperegrine MVP

    qwenty said:
    Yeah! any point -> Does it mean Vanilla is completely SAFE? :-)>

    you might get a better answer using the null hypothesis

    In statistics, the only way of supporting your hypothesis is to refute the null hypothesis. Rather than trying to prove your idea (the alternate hypothesis) right you must show that the null hypothesis is likely to be wrong – you have to ‘refute’ or ‘nullify’ the null hypothesis.

    So a multivariate Analysis of Variance with a fourier transform shows it is 99% significantly safe :) . So not completely SAFE? :-)> .. but not incompletely unsafe. :) .. from
    http://www.null-hypothesis.co.uk/science//item/what_is_a_null_hypothesis

    I think you are asking an impossible question. its as safe as your host, as safe as your hosting provider, as safe as your operating system, as safe as your moderator,and so on...
    If seen updates when people report security concerns it is fixed pretty quickly. I think 2.18.0.2 or 3 was a security update.

    Haven't seen any security guidelines myself. I've seen a few sites linked put up by other users with vanilla forums here that allow viewing of the directory tree of vanilla (and probably the rest of the site) and the viewing of config.php - don't think that is a very good idea.

    I may not provide the completed solution you might desire, but I do try to provide honest suggestions to help you solve your issue.

Sign In or Register to comment.