I found a 2018 thread that spoke of this and provided a link but the link was broken.
So I added my bit but I"m thinking maybe no one is looking at it any more and I should ask the question myself.
I would like a list of major institutions of whatever kind that use phpBB so that I can present it to a set of managers/administrators who resist, refuse, to emply phpBB and insist on using their inhouse thing which frankly isn't much good.
The main thing they quote is security so I was thinking a list of respectable institutions that use it should overcome that objection. And I still do.
But I"ve realised something, I think: my own domain host is using phpBB ! They host my boards and therefore they are using phpBB aren't they? It is running on their machines, not mine. One of my providers is Awardspace for instance. Now they're fairly big I think and what a stake they've got in security! Any hosting company.
If phpBB was any kind of risk they wouldn't allow it on their servers would they?
But anyway, all the more the merrier, all the ammunition I can get. I think it is scandalous and pitiful the way government department meekly pander to MS and shovel all our money into their craw.
thanks for that. I've effectively double posted. sorry. that old thread was still alive and i got that 'showcase' link you've provided.
I think it wouldn't hurt to add in somewhere that realisation I just had: any hosting service provider that allow phpbb on his board is thereby endorsing phpbb, at least security wise.
that is not exactly true. the hosts that provide a one click install of phpBB and many other programs is simply paying the company that supplies the quick install for all those programs. It is a package deal for the hosting company.
the hosting company does not offer support for phpBB or any of the other quick install programs in the package and neither does the company that supplies the package to the hosting company.
all around not a good deal for the consumer with little to no knowledge about these types of things.
having said that, phpBB has not had any real security issues since phpBB3 came out back in 2007 ( I believe ).
So, as far as security goes it probably has a better record than many of the expensive paid for programs out there.
Yep. But what I mean is that phpbb is running on their server. If it enables a security breach it'll be on their server. They are apparently confident they're running minimal risk there. Seems to me. It's a vote of confidence. No?
abrogard wrote: ↑Wed Mar 17, 2021 8:13 pm
Seems to me. It's a vote of confidence. No?
Not really. Many hosts still offer old version of various software, including php, MySQL, and other forumsoftware some of which have known vulnerabilities.
The host is responsible for the security of their serversoftware, not of external applications. In many cases they don't care much about the sofware you install and don't offer support for that (not even for Installatron, Softaculous and the likes)
I am saying that if I let your software run on my machine - and I'm very security conscious - then I'm implictly saying that either (1) I'm happy to suffer the damage of any security breaches brought about by your software or (2) I am confident there will be none.
If you understood that to be what I'm saying then it must be, I think, that you're saying number (2) applies.
They are not implying any confidence in your software but, rather, are saying they're happy they can deal with it.
Which I can believe could be the case though I think it'd be unlikely. But it brings up the question of 'how would they deal with it?' for my purposes. Which are, as I've said, simply to argue for the inclusion of phpbb within their organisations.
So if it turns out that organisations - such as Awardspace for instance - are happy to carry phpBB because they can confidently and easily deal with any breaches then I could argue the organisations I'm interested in could do that, too.
Either way I can argue 'It's no problem.'
Either because it is safe (1) or because it is easy to make it safe (2).
So if the first is true, great and if it's the second please give me some clues on what they do so's I can pass that on.
phpBB is safe.
however, you can't judge a host's security because they offer phpBB from their one click install packages.
if a host knows what they are doing and have secured their servers properly and YOU install phpBB properly on those servers, it is safe.
those one click installs from the third party scripts are usually safe. they often do not work properly and are often not kept up to date. that has nothing to do with whether phpBB/wordpress, etc. are safe or if the hosting servers are safe etc.
in general , if you use a good host that knows what they are doing you can install phpBB or any other web based programs and be pretty confident that it is safe.
so FYI, the only way to make sure that your data is absolutely safe on the internet is to not put it on the internet.