[BETA] phpBB Passport 0.2.2 (NOW OUT!)

A place for MOD Authors to post and receive feedback on MODs still in development. No MODs within this forum should be used within a live environment! No new topics are allowed in this forum.
On February 1, 2009 this forum will be set to read only as part of retiring of phpBB2.
WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm

Post by WebspaceUK »

fleccy wrote: i wish you guys the best on your project and hope to be installing this amazing mod again soon :)


Hi,

Thanks for your support :)

I am hoping to get this mod completed as soon as possible, with security in mind. I will keep you all updated along with Rapid Dr3am.

Regards,

James

fleccy
Registered User
Posts: 275
Joined: Mon Oct 27, 2003 8:26 am
Location: Manchester, UK

Post by fleccy »

can't wait :D

danb00
Registered User
Posts: 1025
Joined: Sun Dec 15, 2002 9:41 pm
Location: Inside Mod:Extreme PHPBB

Post by danb00 »

I'm helping as well :)
phpBBModded.com - Modding phpBB

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm

Post by WebspaceUK »

danb00 wrote: I'm helping as well :)


Yes,

Danb00 has been a great help! He has given us ideas and advice over MSN and we thank him for this. It's people like you, and everyone else in this topic, who make it possible for us to make mods like this.

Thank you again and remember, I'm open to ideas.

James Parmee Morris

Seven2
Registered User
Posts: 379
Joined: Fri Oct 17, 2003 4:37 am
Location: Tomah, WI

Post by Seven2 »

Dang, too bad it took all the sites down with it, including mine :P But I got it working again!

It's great to see that you are making this system more secure. But a question. Now I have registered yesterday... is my information secure now?
I mean... no one can get into it now that you brought it down.
Just my only concern. But yes, when you make this system better I will greatly re-add it to my site! It's too bad you guys found out you had security issues :(

Good luck!

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm

Post by WebspaceUK »

Seven2 wrote: Dang, too bad it took all the sites down with it, including mine :P But I got it working again!

It's great to see that you are making this system more secure. But a question. Now I have registered yesterday... is my information secure now?
I mean... no one can get into it now that you brought it down.
Just my only concern. But yes, when you make this system better I will greatly re-add it to my site! It's too bad you guys found out you had security issues :(

Good luck!


Hi,

We acted fast to knock off the website, and move all your user details to a new database (not accessible by the world). So your user data is secure. I have figured out a new method, and if I work all night tonight, should have it ready tomorrow.

One thing I would like to say is that having the phpBB Passport mod on your website does not cause you any harm. We have redone it so that if the server was to go offline, no error message will show.

Anyhow, thanks for your support and glad you will install the next BETA version.

Regards,

James Parmee Morris

Seven2
Registered User
Posts: 379
Joined: Fri Oct 17, 2003 4:37 am
Location: Tomah, WI

Post by Seven2 »

Great ;)

theanimewizard
Registered User
Posts: 646
Joined: Tue Jul 08, 2003 9:24 pm

Post by theanimewizard »

nice mod 8)

i ono.. I know I'm not installing this on my forums... but yeh, still nice =P

psoTFX
Former Team Member
Posts: 7425
Joined: Tue Jul 03, 2001 8:50 pm

Post by psoTFX »

WebspaceUK wrote: We acted fast to knock off the website, and move all your user details to a new database (not accessible by the world). So your user data is secure.

But it wasn't ;)

WebspaceUK wrote: I have figured out a new method, and if I work all night tonight, should have it ready tomorrow.

I really doubt you can deploy a secure, robust solution in under 24 hours, based on the previous effort ;) No offence but I heavily recommend you test this internally until you've convinced yourself that it's as secure as can be.

I can't speak for the Mod team but I remain concerned about this being generally "released" here. In particular I'm worried that our userbase (or any userbase should this be released elsewhere) may be unwittingly exposing themselves to all kinds of problems by using this Mod in its current stage of implementation. So I strongly urge you to think carefully before repeating the mistakes you made here ;)

smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith

Post by smithy_dll »

recommended reading: http://www.phpbb.com/phpBB/viewtopic.ph ... light=soap


you will learn how to design a secure system and how long it takes by reading the correspondence, this is not an old concept

also read about how Microsoft Passport works

I also suggest you formulate a TOS and a privacy policy before continuing, then require that all participants register and accept the TOS, this will protect you legally, and help protect your user base, but if you read the link, your userbase will be fairly protected if you go that route


I would also like to note your versioning is incorrect, all beta versions must be below 1.0.0, that version number (and any minor above it) is reserved for the first release version (and subsequent patches)

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm

Post by WebspaceUK »

Davidls wrote: recommended reading: http://www.phpbb.com/phpBB/viewtopic.ph ... light=soap


you will learn how to design a secure system and how long it takes by reading the correspondence, this is not an old concept

also read about how Microsoft Passport works

I also suggest you formulate a TOS and a privacy policy before continuing, then require that all participants register and accept the TOS, this will protect you legally, and help protect your user base, but if you read the link, your userbase will be fairly protected if you go that route


I would also like to note your versioning is incorrect, all beta versions must be below 1.0.0, that version number (and any minor above it) is reserved for the first release version (and subsequent patches)


Hi,

Thank you, you're right, I could not do it in 24 hours :D

Regarding SOAP, I have looked into this and we will be using SOAP, as well as other security methods I have come up with. We are in contact with a lawyer and hopefully all the legal matters will be sorted out.

So hopefully Version 1.1.0 will be out soon ;)

The 24 hours to program it was a personal target, which for some strange reason I did not meet. :lol:

I will be taking all your ideas and taking them on board, just remember, it was lucky that our BETA did not work, not the real one. :wink:

Thank you again for your support and ideas,

Regards,

James P-M

smithy_dll
Former Team Member
Posts: 7630
Joined: Tue Jan 08, 2002 6:27 am
Location: Australia
Name: Lachlan Smith

Post by smithy_dll »

ahem, your version numbering is very inappropriate, please read this and rectify asap

your beta should have been v0.1.0
your next beta preview will be v0.2.0 etc...
your first release version will be v1.0.0

please be aware that with php security through obscurity does NOT work, and will require you to use a proper security model.

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm

Post by WebspaceUK »

Davidls wrote: ahem, your version numbering is very inappropriate, please read this and rectify asap

your beta should have been v0.1.0
your next beta preview will be v0.2.0 etc...
your first release version will be v1.0.0

please be aware that with php security through obscurity does NOT work, and will require you to use a proper security model.


Hi,
please be aware that with php security through obscurity does NOT work, and will require you to use a proper security model.


I know that... now!

I have managed to get a copy of Zend off a friend of mine, however we are still going to use SOAP and XML, as from what I can read, it's pretty damn secure.

That MOD before "could" have worked, if it was in something like Zend, however I find now that giving out SQL information is far too high a security risk.

And I correct myself, for Version 0.2.0. I've been busy improving security and had no idea how the versions worked here, sorry! :)

Before I publish it again, would someone from phpBB want to check it?

Thank you again,

James P-M

fleccy
Registered User
Posts: 275
Joined: Mon Oct 27, 2003 8:26 am
Location: Manchester, UK

Post by fleccy »

when the next version is released I'll make a Hotmail login look-alike for Passport, every forum could have a different style hehe :P

just an idea :)

WebspaceUK
Registered User
Posts: 56
Joined: Sun Feb 08, 2004 3:16 pm

Post by WebspaceUK »

fleccy wrote: when the next version is released I'll make a Hotmail login look-alike for Passport, every forum could have a different style hehe :P

just an idea :)


We will :D


btw, we are using NuSOAP. Like it?

Thanks again,

James P-M
