Hi John! Thank you for the reply - now I feel like I made it into the "big time".
Per YOUR (and other respected phpbb programmers') suggestions, I reinstalled phpbb after running a "fully modded" version of the board that was just plain flaky - 217 or so mods vying for attention.
Anyway, I find myself in the process of building the board back up, and that means installing mods!
My comfort level from the phpbb.com "endorsed" mods is very high, and I am loath to install "unofficial" mods - not actually for security concerns so much as because of compatibility or functional concerns.
Also, keeping my old database, I find I MUST install certain mods if I want features to work - case in point - my avatars would not work after the reinstall no matter what I did - turns out once I installed (or technically reinstalled) the official neclectic's sticky avatar mod, they worked perfectly - likewise, due to my "overlapping install" I see evidence of residue from the prior board I have to address. I have not seen a banner mod from phpbb, so I installed Neils Chr. Denmark's unofficial banner hack, which I don't believe will pose security concerns, though I'd feel better comparing it to a list of known non-phpbb.com mods which are deemed safe or otherwise.
The point is, as I'm reinstalling mods, I do feel comfortable with the phpbb.com official mods. The question becomes, "Is anyone aware of mods, phpbb.com endorsed or otherwise, that have security concerns?" Perhaps if folks are aware, there could be an "official" thread, "Warning - potentially unsafe mods" and it can list Mod XYZ version 1.1.3 and then either a remedy (chmod your directory) or a warning, "We recommend you avoid this mod until the security flaw(s) are addressed" - I'm not asking potentially for what those flaws are - no need to make it easier for hackers. I do acknowledge this could be a strain for the team, so I would suppose if such an animal were put into place, it would have to be from users bringing it to the team's attention.
Another security-related suggestion might be a "Vulnerability Index" for each mod - say 1 through 5 - as a newbie, I can't spot vulnerable code, but I think it's safe to say, a mod that only moves the administration code from the bottom to the top of the page might be pretty darn secure, versus a mod that affects the admin panel settings or can through wacky circumstances create a security issue. Part 2 of the suggestion would be listing the vulnerability index in the mod's comments, and then below how to increase the security or safeguard, again, possibly with making sure certain directories or files are chmodded, or by applying a secondary mod for the security precautions.
Final point (and then I'll finish my strong cup of coffee!) - I, like many others, am very grateful to the team for the work and community provided. As a way to offset the time to potentially handle the security issues, or anything else, may I suggest the possibility of a subscriber weekly mailing - i.e. weekly updates for phpbb2.2, newest mods or featured mods, tips, tricks, whatever, for a nominal fee - it would provide a way for the users to help support phpbb, and perhaps provide a small revenue stream in return. Just a suggestion.
Regardless of which of my ideas are applauded or thrown in the toilet, THANK YOU for the great system and community made available for the very reasonable price of nothing.
Very truly yours,