[BETA] phpBB Passport 0.2.2 (NOW OUT!)

[WebspaceUK]

I have this problem...

My forum doesnt use subsilver template, so when i log in using passport, the account uses the first template by alphabetical order and not the borad's default.

there is some way to fix that?

The best way to fix it is by going to ACP > Configuation and checking "Overwrite users Template".

Hope this helps

James

[psoTFX]

I have some serious concerns about this Mod ... two are noted in a message sent to webspace UK.

To make that clear here. phpBB Group and phpbb.com have absolutely nothing to do with this whatsoever. It is not endorsed by us nor are responsible for it or its oversight. Do not contact us (phpBB Group, team members, etc.) concerning anything related to this.

Secondly it is appropriate that users be informed this is ad based before they download and install it.

Thirdly there are significant consequence re: data integrity and security. It is essential that you look at these issues before continuing this Mod IMHO. If you do not you are opening yourself up to potential lawsuits. Make of this what you will, ignore it if you like ... but be warned you're walking through a minefield "as is"

[WebspaceUK]

I have some serious concerns about this Mod ... two are noted in a message sent to webspace UK.

To make that clear here. phpBB Group and phpbb.com have absolutely nothing to do with this whatsoever. It is not endorsed by us nor are responsible for it or its oversight. Do not contact us (phpBB Group, team members, etc.) concerning anything related to this.

Secondly it is appropriate that users be informed this is ad based before they download and install it.

Thirdly there are significant consequence re: data integrity and security. It is essential that you look at these issues before continuing this Mod IMHO. If you do not you are opening yourself up to potential lawsuits. Make of this what you will, ignore it if you like ... but be warned you're walking through a minefield "as is"

Hi,

I agree that no users should ask for support here, and any support requests should be posted at http://www.phpBBPassport.com. phpBB has nothing to do with this and so do not pest the nice people here and send all your problems to www.phpBBPassport.com.

CyberAlien, who seems to be the only person who does not like the ads, but as I understand many people do not wish to have the text ads, I will remove this in the next version. You must understand that servers cost money, however we will try another method to gain the expenses more on the phpBBPassport website.

Regarding Security and and the Data Protection act. We have tried hard to make the script has secure as possible, it is highly encrypted, and should anyone get through the encryption (Which is almost impossible), the MySql only has permission for the SELECT statment.

We will like to be able to show phpBB the unencrypted file for your approval so that you know that there is nothing wrong inside the script. You can then encrypt it using our system and check both the files we are publishing and the one we sent unencrypted are the same. Could I have some contact details for me to do this. We have got advice from a laywer and will send you details later, as I have to go out now.

I look forward to your reply's,

Regards,

James P-M

[psoTFX]

re: source ... We've already looked at the "unecrypted" passport.php source

re: disclaimer ... it's less about asking us for support and more about distancing ourselves from the operation. The use of "phpBB" in the domain and project name will indicate to many (most) that we have at least a tacit connection, we don't.

re: advertising ... It's appropriate that should you include advertising that users be made aware of its presence before they download.

re: security ... My concerns about data integrity and security revolve around who has access to the server? How do you ensure security during the login procedure (lack of SSL for authentication for a single board isn't an enormous deal ... lack of SSL for a centralised system is)? How is data stored in the DB? Is it encrypted (and I mean encrypted ... not run through a non-encrypting algorithm a few times ) to reduce problems should the system be compromised? What legal framework do you have in place to cover yourselves and other users should the worst happen? Ya see there is a lot here to consider and I'm personally not convinced you've thought it all through ... no offence.

It's a brave idea but one which needs to be built on a sound framework to reduce potential future problems.

[WebspaceUK]

re: security ... My concerns about data integrity and security revolve around who has access to the server? How do you ensure security during the login procedure (lack of SSL for authentication for a single board isn't an enormous deal ... lack of SSL for a centralised system is)? How is data stored in the DB? Is it encrypted (and I mean encrypted ... not run through a non-encrypting algorithm a few times ) to reduce problems should the system be compromised? What legal framework do you have in place to cover yourselves and other users should the worst happen? Ya see there is a lot here to consider and I'm personally not convinced you've thought it all through ... no offence.

Hi,

Only I have access to the Server root. We have an SSL Certificate from ComodoSecurityServicesCA which we will be installing later today for signups and Logins. The some data in the database is currently not Encrypted, for example the username, MSN, AIM ect, however the passwords are encrypted very highly. We have been notified by the Lawyer that as long as both parties agree, and that we have a good user agreement, then we are fine. When a user logs in, they are basically requesting us to send over their details, so its their choice whether to use it or not.

Rapid Dr3am can give you further information about this, as it was his Lawyer he contacted.

If you wish to contact me through MSN or any other method, please PM me and I will send you my contact details.

Thankyou, I understand that this is a big mod and will require alot of work put into the security and legal actions, but currently we have realy high security, and legal requirements are taking place right now.

Regards,

James Parmee Morris

ps. Once more, We are in no way in connection with phpBB and all support questions should be sent to us!

[DanielT]

:'( your site appear's to be down, any chance of a mirror for the d/l?

[Arty]

Regarding Security and and the Data Protection act. We have tried hard to make the script has secure as possible, it is highly encrypted, and should anyone get through the encryption (Which is almost impossible), the MySql only has permission for the SELECT statment.

You must be kidding. It took 2-3 minutes to write script that recursively decodes all levels of your simpliest ever encryption. And it contains host, login, password for database in PLAIN TEXT. You call that secure?

[fleccy]

is phpbbpassport.com down? because it's taken my site with it

[Arty]

yep, it is down. and i guess it won't be back up.

[fleccy]

yep it is and it's taken this site too http://www.desi-paradize.com/portal.php and all the other passport sites this is my site http://feeta.phpbbhost.biz/ you guys need a better webhost

[psoTFX]

Read what I've written above ... no offence to the work and intentions of the authors but there is more at stake here than uptime

[Rapid Dr3am]

We suspended the account temporarily.

We recomend anyone who installed this to uninstall immediately.

The site will go offline, by midnight GMT.

[fleccy]

why? id like to know any 1 h4x0r3d you?

[psoTFX]

Did you read what I've written fleccy? Or that of CyberAlien? ... those points alone should be enough to indicate why, righly IMO, webspaceUK and Rapid Dr3am have taken the system offline at present.

When they've addressed some fundamental issues of security, robustness and integrity perhaps their system will be ready for a more general audience.

[fleccy]

sorry i cant read