
Vanilla Hack Safety?

edited January 2007 in Vanilla 1.0 Help
Hey all, I'm wondering how many users Vanilla can handle, and I surely need to know if Vanilla is hacker safe and what are the backdoors or bugs to fix to make or run a safe board! (If the server side is hacker-closed so far as possible.)

Comments

  • Can't see it having trouble with many users, though the design is clearly not suited to many posts per minute because everything is shown on the index page. Vanilla looks well-coded, but only use extensions which you really need in case they introduce security holes. Having used phpBB for a long time I'm surprised to see no threads here along the lines of "my forum has gone/been hacked". I wonder how much of this is due to Vanilla being relatively unknown; it could still probably be exploited by spam bots.
  • Ah, this is good to know! I hope Vanilla stays secure! Thanks. Any other problems or something you know, post it please.
  • edited January 2007
    As Ziyphr says, the only problems that may occur are with the extensions and when they include files or something like that.

    Cookies are safe - http://lussumo.com/community/discussion/2371/ - and basically all other security issues that are PHP-related in the realm of Vanilla have been patched, unless they haven't been found, and there is a certainty that they have been found.

    The only little trick that I have ever found is when a server's time changes in and out of daylight saving time and the timestamp plays around a bit and newer comments get sent about an hour before the older comments were sent, but that isn't usually a main problem.

    With the speed issues, I'm sure that you'll be fine with that because Vanilla is going to be released in a situation that will completely dwarf your situation, and in their testing they haven't had any problems with Vanilla, so don't lose sleep on that.

    With spam bots, they shouldn't be a problem unless someone is lazy enough to allow applicants to go straight to membership status. In that case someone might figure out something, but it would probably be quickly encountered and fixed by the Vanilla developers. If you're wanting to know, spam bots have been made and used against this very forum and one or two have gone straight through Mark's watchful eyes, but they were killed pretty quickly and then fixed so they don't come back. Also, since double posting and posting excessive amounts of data is near impossible thanks to Mark, it shouldn't be much, if any, of a problem if people are willing to do the hard yards and approve membership manually.

    If there's anything that I've missed, please feel free to add :D
  • edited January 2007
    I am sure Vanilla, like any other application, has flaws that we haven't found yet,
    but Vanilla is more secure than other forums because:
    • Vanilla and its extensions are using a framework. It is easier to spot a flaw and to correct it.
    • It doesn't rely on insecure methods like register_globals on (and has not built an equivalent).
    • And if a flaw is found, it is easy to update: you don't have to reinstall every extension or patch after an update.
  • This is nice! :D
This discussion has been closed.