phpBB Philosophy: PHP Support and SSL

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
Post Reply
Heo32
Registered User
Posts: 182
Joined: Sat Jan 07, 2017 10:08 pm

phpBB Philosophy: PHP Support and SSL

Post by Heo32 »

I saw this topic:

https://area51.phpbb.com/phpBB/viewtopi ... 81&t=50831

It discouraged me.

As a community, it is not up to us to decide these things. It should not be up to a vote proposing EOL versions of PHP and soon-to-be EOL versions of PHP to determine which version should be supported in future phpBB releases. The decision is based on a source. That source comes from the link located here:

http://php.net/supported-versions.php

As developers, you decide what is best for the community. Making smart decisions such as integrating the latest software for stability and security, and supporting only the supported versions of PHP must always be a priority when dealing with time-frames and schedules.

Based on the release schedule (https://www.phpbb.com/about/release/), it is clear which version of PHP must be supported starting with phpBB 3.3.x. Scheduled for December, 2017 with an EOL in December, 2019, PHP 7.0 will already be EOL for nearly a year during that time. That means people will be running insecure version of PHP for 11 months because the phpBB team allowed it due to a popular vote. The obvious choice here is clearly PHP 7.1 beginning with phpBB 3.3.x. It doesn't matter what the votes are. It would be unwise and irresponsible to support an obsolete and unsupported version of PHP.

Also...

Firefox 51.0 came out today. It now warns users if a site does not use https when a username and password are required for logging in.

http://www.tomshardware.com/news/firefo ... 33468.html

This same concept should be applied in phpBB if a website does not support SSL/TLS. A page should be displayed to users that attempt to log in over an insecure connection with a confirmation. The same should apply for those that register over http.

WordPress is also taking this route :

https://wordpress.org/news/2016/12/moving-toward-ssl/
2017 is going to be the year that we’re going to see features in WordPress which require hosts to have HTTPS available.

I hope these proposals are taken into consideration as new features in the phpBB 3.3.x code and beyond. CloudFlare is a great place to get free SSL keys. I've never set up SSL on my website until just this month. They made it really easy for first-time users. There's no excuse to not use encryption anymore.
Last edited by Heo32 on Wed Jan 25, 2017 10:23 am, edited 1 time in total.
Is this for you? Windows & Nginx & PHP & MySQL & phpBB & WordPress & Cloudflare -- Updated: October 17, 2020

Content-Security-Policy: Allow using Content-Security-Policy without unsafe-inline
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.
User avatar
david63
Registered User
Posts: 18437
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Contact:

Re: phpBB Philosophy: PHP Support and SSL

Post by david63 »

The first link on your post to Area51 does not exist so I really have no idea to what it is that you are referencing.
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored
User avatar
Ger
Recognised Extension Developer
Posts: 1962
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: phpBB Philosophy: PHP Support and SSL

Post by Ger »

david63 wrote:
Wed Jan 25, 2017 10:12 am
The first link on your post to Area51 does not exist so I really have no idea to what it is that you are referencing.
https://area51.phpbb.com/phpBB/viewtopi ... 81&t=50831
My extensions:
Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update, Modern Quote, Quoted Where (GDPR) and Autoresponder.
Newest: FAQ manager for 3.2

Like my work? Buy me a coffee to keep it coming. :ugeek:

-Don't PM me for support-
Heo32
Registered User
Posts: 182
Joined: Sat Jan 07, 2017 10:08 pm

Re: phpBB Philosophy: PHP Support and SSL

Post by Heo32 »

Is this for you? Windows & Nginx & PHP & MySQL & phpBB & WordPress & Cloudflare -- Updated: October 17, 2020

Content-Security-Policy: Allow using Content-Security-Policy without unsafe-inline
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.
Post Reply

Return to “phpBB Discussion”