Discuss: phpBB 3.2.6 Release

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Suggested Hosts
User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5408
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc
Contact:

Discuss: phpBB 3.2.6 Release

Post by Marc » Mon Apr 29, 2019 8:58 am

Please discuss the announcement here.

As a reminder, please do not post support requests here but rather use the Support Forum.

User avatar
wolfbeast
Registered User
Posts: 61
Joined: Sat Aug 10, 2013 1:24 am

Re: Discuss: phpBB 3.2.6 Release

Post by wolfbeast » Mon Apr 29, 2019 10:21 am

the removal of the functionality to download database backups
I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.

User avatar
Meis2M
Translator
Posts: 875
Joined: Wed Mar 03, 2010 11:32 am
Location: IR.Damghan
Name: میثم نوبری
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by Meis2M » Mon Apr 29, 2019 10:27 am

good news :D
phpBB persian international support
Ultimate SEO Friendly URL - Extension
Follow us in Instagram
Free upgrade and install extensions on your forum - drop me PM

User avatar
abdu7maan
Registered User
Posts: 109
Joined: Tue Apr 02, 2019 11:23 am
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by abdu7maan » Mon Apr 29, 2019 10:44 am

:(
The exaggeration in increasing the protection of the script makes the program futile and impractical.
It is supposed to be developed like what happened in vbulletin5 and xenforo2
Welcome to my site :
anime
https://www.anime-toon.net
:oops:

User avatar
Mick
Support Team Member
Support Team Member
Posts: 21584
Joined: Fri Aug 29, 2008 9:49 am
Location: Caerdydd

Re: Discuss: phpBB 3.2.6 Release

Post by Mick » Mon Apr 29, 2019 11:22 am

As you may have noticed this isn’t VB or Xenforo, phpBB is a totally different entity. It makes no sense to keep harping on about other board software and how much better than phpBB it is, the choice to use any of them is down to you.
"The more connected we get the more alone we become" - Kyle Broflovski

antier
Registered User
Posts: 30
Joined: Sat Aug 15, 2015 11:37 pm

Re: Discuss: phpBB 3.2.6 Release

Post by antier » Mon Apr 29, 2019 11:46 am

As everyone knows, the best is the enemy of good.

This is, in my opinion, very clearly the case with this update.

User avatar
abdu7maan
Registered User
Posts: 109
Joined: Tue Apr 02, 2019 11:23 am
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by abdu7maan » Mon Apr 29, 2019 12:26 pm

Mick wrote:
Mon Apr 29, 2019 11:22 am
As you may have noticed this isn’t VB or Xenforo, phpBB is a totally different entity. It makes no sense to keep harping on about other board software and how much better than phpBB it is, the choice to use any of them is down to you.
I am not talking about what is the best or the worst.
We are talking about development.
The topic does not concern me or you as you think.
Welcome to my site :
anime
https://www.anime-toon.net
:oops:

User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 942
Joined: Thu Apr 23, 2009 1:20 pm
Location: Germany
Name: Christian
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by Crizzo » Mon Apr 29, 2019 12:30 pm

wolfbeast wrote:
Mon Apr 29, 2019 10:21 am
the removal of the functionality to download database backups
I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.
But what is the problem, that you need one more step to download the backup then from the store/ folder?
My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de

User avatar
</Solidjeuh>
Registered User
Posts: 1716
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by </Solidjeuh> » Mon Apr 29, 2019 12:33 pm

Update complete on 2 boards. All good! 8-)

Heo32
Registered User
Posts: 117
Joined: Sat Jan 07, 2017 10:08 pm

Re: Discuss: phpBB 3.2.6 Release

Post by Heo32 » Mon Apr 29, 2019 12:41 pm

I'm happy with the change in backup functionality. Know that it was done with good intentions. Having proactive security is always better than being reactive. That's what makes phpBB stand out over other solutions. Being one step ahead is key to avoiding a potential compromised situation.

The update went well for me and everything seems to be working.

Thank you to everyone that made this release a possibility!
Is this for you? :arrow: Windows + Nginx + PHP + MySQL + phpBB + WordPress + Cloudflare

Allow using Content-Security-Policy without unsafe-inline
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.

User avatar
EA117
Registered User
Posts: 942
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by EA117 » Mon Apr 29, 2019 1:49 pm

Possibly an extra reason to make sure you're using a phpBB 3.2.6-compatible style before deploying the update:
viewtopic.php?f=556&t=2509981&p=15243246

invenio
Registered User
Posts: 118
Joined: Wed Dec 09, 2015 1:45 pm
Location: New Hampshire, USA
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by invenio » Mon Apr 29, 2019 6:35 pm

Glad to see a new version out.

As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.

User avatar
</Solidjeuh>
Registered User
Posts: 1716
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by </Solidjeuh> » Mon Apr 29, 2019 6:43 pm

invenio wrote:
Mon Apr 29, 2019 6:35 pm
Glad to see a new version out.

As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.
You can still backup the database via ACP, just not download it anymore via ACP. So when a hacker get access to your admin/founder account, he cannot download/steal the database. And that's where the most important information is being stored. You can now simply download it from the /store folder.

invenio
Registered User
Posts: 118
Joined: Wed Dec 09, 2015 1:45 pm
Location: New Hampshire, USA
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by invenio » Mon Apr 29, 2019 7:02 pm

Oh, I see. So it's not access to the database that was restricted from the ACP, merely the placement of that archived database.

User avatar
Joyce&Luna
Registered User
Posts: 263
Joined: Wed Oct 14, 2015 3:46 pm
Location: Germany
Name: Anke
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by Joyce&Luna » Mon Apr 29, 2019 7:24 pm

Hi

Are code changes necessary from 3.2.6 RC1 to 3.2.6?
My contributions are translated from German to English by google. This can lead to misunderstanding.

phpBB Style Design

Locked

Return to “phpBB Discussion”