[BETA] phpBB Passport 0.2.2 (NOW OUT!)

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
Forum rules
READ: phpBB.com Board-Wide Rules and Regulations

IMPORTANT: MOD Development Forum rules

On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm
Contact:

Post by WebspaceUK »

DarkPepe wrote: I have this problem...

My forum doesnt use subsilver template, so when i log in using passport, the account uses the first template by alphabetical order and not the borad's default.

there is some way to fix that?


The best way to fix it is by going to ACP > Configuation and checking "Overwrite users Template".

Hope this helps ;)

James

User avatar
psoTFX
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm

Post by psoTFX »

I have some serious concerns about this Mod ... two are noted in a message sent to webspace UK.

To make that clear here. phpBB Group and phpbb.com have absolutely nothing to do with this whatsoever. It is not endorsed by us nor are responsible for it or its oversight. Do not contact us (phpBB Group, team members, etc.) concerning anything related to this.

Secondly it is appropriate that users be informed this is ad based before they download and install it.

Thirdly there are significant consequence re: data integrity and security. It is essential that you look at these issues before continuing this Mod IMHO. If you do not you are opening yourself up to potential lawsuits. Make of this what you will, ignore it if you like ... but be warned you're walking through a minefield "as is" ;)

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm
Contact:

Post by WebspaceUK »

psoTFX wrote: I have some serious concerns about this Mod ... two are noted in a message sent to webspace UK.

To make that clear here. phpBB Group and phpbb.com have absolutely nothing to do with this whatsoever. It is not endorsed by us nor are responsible for it or its oversight. Do not contact us (phpBB Group, team members, etc.) concerning anything related to this.

Secondly it is appropriate that users be informed this is ad based before they download and install it.

Thirdly there are significant consequence re: data integrity and security. It is essential that you look at these issues before continuing this Mod IMHO. If you do not you are opening yourself up to potential lawsuits. Make of this what you will, ignore it if you like ... but be warned you're walking through a minefield "as is" ;)


Hi,

I agree that no users should ask for support here, and any support requests should be posted at http://www.phpBBPassport.com. phpBB has nothing to do with this and so do not pest the nice people here and send all your problems to www.phpBBPassport.com.

CyberAlien, who seems to be the only person who does not like the ads, but as I understand many people do not wish to have the text ads, I will remove this in the next version. You must understand that servers cost money, however we will try another method to gain the expenses more on the phpBBPassport website.

Regarding Security and and the Data Protection act. We have tried hard to make the script has secure as possible, it is highly encrypted, and should anyone get through the encryption (Which is almost impossible), the MySql only has permission for the SELECT statment.

We will like to be able to show phpBB the unencrypted file for your approval so that you know that there is nothing wrong inside the script. You can then encrypt it using our system and check both the files we are publishing and the one we sent unencrypted are the same. Could I have some contact details for me to do this. We have got advice from a laywer and will send you details later, as I have to go out now.

I look forward to your reply's,

Regards,

James P-M ;)

User avatar
psoTFX
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm

Post by psoTFX »

re: source ... We've already looked at the "unecrypted" passport.php source ;)

re: disclaimer ... it's less about asking us for support and more about distancing ourselves from the operation. The use of "phpBB" in the domain and project name will indicate to many (most) that we have at least a tacit connection, we don't.

re: advertising ... It's appropriate that should you include advertising that users be made aware of its presence before they download.

re: security ... My concerns about data integrity and security revolve around who has access to the server? How do you ensure security during the login procedure (lack of SSL for authentication for a single board isn't an enormous deal ... lack of SSL for a centralised system is)? How is data stored in the DB? Is it encrypted (and I mean encrypted ... not run through a non-encrypting algorithm a few times ;)) to reduce problems should the system be compromised? What legal framework do you have in place to cover yourselves and other users should the worst happen? Ya see there is a lot here to consider and I'm personally not convinced you've thought it all through ... no offence.

It's a brave idea but one which needs to be built on a sound framework to reduce potential future problems.

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm
Contact:

Post by WebspaceUK »

psoTFX wrote: re: security ... My concerns about data integrity and security revolve around who has access to the server? How do you ensure security during the login procedure (lack of SSL for authentication for a single board isn't an enormous deal ... lack of SSL for a centralised system is)? How is data stored in the DB? Is it encrypted (and I mean encrypted ... not run through a non-encrypting algorithm a few times ;)) to reduce problems should the system be compromised? What legal framework do you have in place to cover yourselves and other users should the worst happen? Ya see there is a lot here to consider and I'm personally not convinced you've thought it all through ... no offence.


Hi,

Only I have access to the Server root. We have an SSL Certificate from ComodoSecurityServicesCA which we will be installing later today for signups and Logins. The some data in the database is currently not Encrypted, for example the username, MSN, AIM ect, however the passwords are encrypted very highly. We have been notified by the Lawyer that as long as both parties agree, and that we have a good user agreement, then we are fine. When a user logs in, they are basically requesting us to send over their details, so its their choice whether to use it or not.

Rapid Dr3am can give you further information about this, as it was his Lawyer he contacted.

If you wish to contact me through MSN or any other method, please PM me and I will send you my contact details.

Thankyou, I understand that this is a big mod and will require alot of work put into the security and legal actions, but currently we have realy high security, and legal requirements are taking place right now.

Regards,

James Parmee Morris

ps. Once more, We are in no way in connection with phpBB and all support questions should be sent to us!

DanielT
Former Team Member
Posts: 3324
Joined: Tue Aug 27, 2002 10:55 am
Contact:

Post by DanielT »

:'( your site appear's to be down, any chance of a mirror for the d/l?

User avatar
Arty
Former Team Member
Posts: 16654
Joined: Wed Mar 06, 2002 2:36 pm
Name: Vjacheslav Trushkin
Contact:

Post by Arty »

WebspaceUK wrote: Regarding Security and and the Data Protection act. We have tried hard to make the script has secure as possible, it is highly encrypted, and should anyone get through the encryption (Which is almost impossible), the MySql only has permission for the SELECT statment.

You must be kidding. It took 2-3 minutes to write script that recursively decodes all levels of your simpliest ever encryption. And it contains host, login, password for database in PLAIN TEXT. You call that secure?
Vjacheslav Trushkin / Arty.
Free phpBB 3.1 styles | New project: Iconify - modern SVG framework

fleccy
Registered User
Posts: 275
Joined: Mon Oct 27, 2003 8:26 am
Location: Manchester, UK

Post by fleccy »

is phpbbpassport.com down? because it's taken my site with it

User avatar
Arty
Former Team Member
Posts: 16654
Joined: Wed Mar 06, 2002 2:36 pm
Name: Vjacheslav Trushkin
Contact:

Post by Arty »

yep, it is down. and i guess it won't be back up.
Vjacheslav Trushkin / Arty.
Free phpBB 3.1 styles | New project: Iconify - modern SVG framework

fleccy
Registered User
Posts: 275
Joined: Mon Oct 27, 2003 8:26 am
Location: Manchester, UK

Post by fleccy »

yep it is and it's taken this site too http://www.desi-paradize.com/portal.php and all the other passport sites this is my site http://feeta.phpbbhost.biz/ :? you guys need a better webhost

User avatar
psoTFX
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm

Post by psoTFX »

Read what I've written above ... no offence to the work and intentions of the authors but there is more at stake here than uptime ;)

Rapid Dr3am
Registered User
Posts: 198
Joined: Sun Jul 13, 2003 4:14 pm
Location: Incommunicado
Contact:

Post by Rapid Dr3am »

We suspended the account temporarily.

We recomend anyone who installed this to uninstall immediately.

The site will go offline, by midnight GMT.

fleccy
Registered User
Posts: 275
Joined: Mon Oct 27, 2003 8:26 am
Location: Manchester, UK

Post by fleccy »

why? id like to know any 1 h4x0r3d you?

User avatar
psoTFX
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm

Post by psoTFX »

Did you read what I've written fleccy? Or that of CyberAlien? ... those points alone should be enough to indicate why, righly IMO, webspaceUK and Rapid Dr3am have taken the system offline at present.

When they've addressed some fundamental issues of security, robustness and integrity perhaps their system will be ready for a more general audience.

fleccy
Registered User
Posts: 275
Joined: Mon Oct 27, 2003 8:26 am
Location: Manchester, UK

Post by fleccy »

sorry i cant read :P

Locked

Return to “[2.0.x] MODs in Development”