Three features you would like to see in 3.3.

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
User avatar
Wes of StarArmy
Registered User
Posts: 288
Joined: Fri Mar 04, 2005 2:59 am
Location: StarArmy.com
Contact:

Re: Three features you would like to see in 3.3.

Post by Wes of StarArmy » Mon Jun 11, 2018 2:37 pm

Lumpy Burgertushie wrote:
Mon Jun 11, 2018 1:58 pm
If phpbb were having security issues I would say maybe this was something to worry about. however, as far as I know there are none so why worry
Lack of 2FA -is- a security issue. It is industry standard these days just like TLS is.

Toxyy
Registered User
Posts: 423
Joined: Mon Oct 24, 2016 3:22 pm

Re: Three features you would like to see in 3.3.

Post by Toxyy » Mon Jun 11, 2018 2:42 pm

Ger wrote:
Mon Jun 11, 2018 2:32 pm
Well, 2FA isn't really about security of the current phpBB login system itself, that's actually fine as it is. AFAIK it's never been hacked.

2FA is securing the bypasses, e.g. when your email account is hacked, somebody resetting your phpBB account linked to that email etc. Or simply somebody guessing your password or when it's retrieved through a MITM attack, a keylogger or just watching over your shoulder while you type it. 2FA is simply extending the "something you know" (password) with a "something you have" (your phone). The combination of those two required to login makes it way more difficult to breach it.
It's saved me a few times on other forums, actually.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

User avatar
david63
Jr. Extension Validator
Posts: 14316
Joined: Thu Dec 19, 2002 8:08 am
Location: Lancashire, UK
Name: David Wood
Contact:

Re: Three features you would like to see in 3.3.

Post by david63 » Mon Jun 11, 2018 3:02 pm

Why is there a presumption these days that everybody has a mobile/cell phone permanently attached to their body?
David
Remember: You only know what you know and - you don't know what you don't know!
My CDB Contributions | How to install an extension
I will not be accepting translations for any of my extensions in Github - please post any translations in the appropriate topic.
No support requests via PM or email as they will be ignored

User avatar
Lumpy Burgertushie
Registered User
Posts: 64454
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie » Mon Jun 11, 2018 3:30 pm

I think we should start a movement to at least have the cable that goes from the cell phone to the user's foot removed.

I finally figured out that must be why when they pick up the phone, their foot raised off of the gas pedal in the car.

If you can sit in your car and talk to your passenger without slowing down, why can't you talk on the phone without slowing down?


robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

User avatar
Ger
Recognised Extension Developer
Posts: 1471
Joined: Wed Jan 02, 2008 7:35 pm
Location: 192.168.1.100
Contact:

Re: Three features you would like to see in 3.3.

Post by Ger » Mon Jun 11, 2018 4:18 pm

People just shouldn't use their phone while driving, but that's another topic.
My extensions: Simple CMS, Feed post bot, Avatar Resize, Modbreak, Magic OGP, Live topic update and Modern Quote
Newest: Quoted Where + anonymize

Like my work? Buy me a coffee to keep it coming. :ugeek:
-Available for custom work-

User avatar
Lumpy Burgertushie
Registered User
Posts: 64454
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie » Mon Jun 11, 2018 4:50 pm

people who can not figure out how to talk and drive should not use their phone while driving.
remember that the ability to use the phone while driving was one of the main reasons /benefits of the invention of the cell phone.


and you are right, I pulled this off topic so I am done.

robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

User avatar
tojag
Registered User
Posts: 327
Joined: Thu Aug 07, 2014 8:00 am
Location: Warsaw, Poland, EU
Name: Gregory

Re: Three features you would like to see in 3.3.

Post by tojag » Mon Jun 11, 2018 7:11 pm

Ger wrote:
Mon Jun 11, 2018 2:32 pm
2FA is securing the bypasses, e.g. when your email account is hacked, somebody resetting your phpBB account linked to that email etc. Or simply somebody guessing your password or when it's retrieved through a MITM attack, a keylogger or just watching over your shoulder while you type it. 2FA is simply extending the "something you know" (password) with a "something you have" (your phone). The combination of those two required to login makes it way more difficult to breach it.
Nothing more to add. I do not need anything else. Nowadays, you should protect the system from attack because you never know if the hacker no longer steals my password. Double authentication by SMS, key generator or software authenticator is a very good method of securing access recognized by IT systems, banks and others. Only phpBB is immune to changes :)
If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?

User avatar
John connor
Registered User
Posts: 1579
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Mon Jun 11, 2018 9:07 pm

tojag wrote:
Mon Jun 11, 2018 7:11 pm

If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:

User avatar
John connor
Registered User
Posts: 1579
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Mon Jun 11, 2018 9:09 pm

I use 2FA for everything I can use it with. PayPal, my domain, bank, E-mail provider host, Amazon AWS, CloudFlare, you name it. Then save the backup codes in Keepass, encrypt that database yet again with a 7z AES archive and store that in a cloud provider, my local FTP and on CD.

User avatar
Lumpy Burgertushie
Registered User
Posts: 64454
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie » Mon Jun 11, 2018 9:27 pm

John connor wrote:
Mon Jun 11, 2018 9:09 pm
I use 2FA for everything I can use it with. PayPal, my domain, bank, E-mail provider host, Amazon AWS, CloudFlare, you name it. Then save the backup codes in Keepass, encrypt that database yet again with a 7z AES archive and store that in a cloud provider, my local FTP and on CD.
yes , but not everyone is as paranoid as you are. ;) :D

robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

User avatar
John connor
Registered User
Posts: 1579
Joined: Fri Nov 14, 2014 5:14 pm
Location: U S Of A
Contact:

Re: Three features you would like to see in 3.3.

Post by John connor » Mon Jun 11, 2018 9:42 pm

I guess you don't watch or read the news.

" Hacker group steals 15 million user accounts."

" A vulnerability has allowed a hacker to gain access to such and such database."


or the future post of: "HELP! I've had my database stolen!"

Toxyy
Registered User
Posts: 423
Joined: Mon Oct 24, 2016 3:22 pm

Re: Three features you would like to see in 3.3.

Post by Toxyy » Mon Jun 11, 2018 9:47 pm

I already posted this reply... oops

But really though, just because more experienced users might not find it necessary for their smaller forum doesn't mean the inexperienced web admin with a very large forum wouldn't benefit from it, or his users.
I am a web developer/administrator, specializing in forums. If you have work you need done or are too lazy to do, pm me!

User avatar
Lumpy Burgertushie
Registered User
Posts: 64454
Joined: Mon May 02, 2005 3:11 am
Contact:

Re: Three features you would like to see in 3.3.

Post by Lumpy Burgertushie » Mon Jun 11, 2018 10:31 pm

John connor wrote:
Mon Jun 11, 2018 9:42 pm
I guess you don't watch or read the news.

" Hacker group steals 15 million user accounts."

" A vulnerability has allowed a hacker to gain access to such and such database."


or the future post of: "HELP! I've had my database stolen!"
and how many of those issues were related to phpbb? none? that is my point.

I was just picking at you about paranoid. no offense meant.
just because you are paranoid doesn't mean they are not out to get ya.
robert
I am available for custom work on a donation basis. Please send me a PM with your needs.

Premium phpBB 3.2 Styles by PlanetStyles.net

User avatar
stevemaury
Support Team Member
Support Team Member
Posts: 49164
Joined: Thu Nov 02, 2006 12:21 am
Location: The U.P.
Name: Steve
Contact:

Re: Three features you would like to see in 3.3.

Post by stevemaury » Tue Jun 12, 2018 2:34 pm

John connor wrote:
Mon Jun 11, 2018 9:07 pm
tojag wrote:
Mon Jun 11, 2018 7:11 pm

If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
This is incorrect. It is true that access was obtained to the database. However, it had nothing to do with any security vulnerability in phpBB.
For REALLY good and VERY inexpensive hosting CLICK HERE

I can stop all your spam. PM or email me.

All unsolicited PMs will be ignored.

User avatar
JimA
Community Team Leader
Community Team Leader
Posts: 7243
Joined: Thu Jul 31, 2008 5:54 am
Location: The Netherlands
Name: Jim Mossing Holsteyn
Contact:

Re: Three features you would like to see in 3.3.

Post by JimA » Tue Jun 12, 2018 4:12 pm

John connor wrote:
Mon Jun 11, 2018 9:07 pm
tojag wrote:
Mon Jun 11, 2018 7:11 pm

If I remember correctly, a few years ago the phpBB site was hacked, what was the reason?
Lack of mod_security from what I read on the hacker's blog. :lol:
It's quite a bit more complex than that. ;)

However, let's all go back to the topic this was originally about. This is about potential 3.3 features. If we want to discuss the advantages and disadvantages of 2FA, that can get its own topic.
Image Jim Mossing Holsteyn - Community Team Leader
Knowledge Base | Documentation | Board rules

If you're having any questions about the rules/customs of this website, feel free to drop me a PM.

Post Reply

Return to “phpBB Discussion”

Who is online

Users browsing this forum: Blitze and 27 guests