Page 1 of 4

Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 8:58 am
by Marc
Please discuss the announcement here.

As a reminder, please do not post support requests here but rather use the Support Forum.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 10:21 am
by wolfbeast
the removal of the functionality to download database backups
I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 10:27 am
by Meis2M
good news :D

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 10:44 am
by abdu7maan
:(
The exaggeration in increasing the protection of the script makes the program futile and impractical.
It is supposed to be developed like what happened in vbulletin5 and xenforo2

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 11:22 am
by Mick
As you may have noticed this isn’t VB or Xenforo, phpBB is a totally different entity. It makes no sense to keep harping on about other board software and how much better than phpBB it is, the choice to use any of them is down to you.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 11:46 am
by antier
As everyone knows, the best is the enemy of good.

This is, in my opinion, very clearly the case with this update.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 12:26 pm
by abdu7maan
Mick wrote:
Mon Apr 29, 2019 11:22 am
As you may have noticed this isn’t VB or Xenforo, phpBB is a totally different entity. It makes no sense to keep harping on about other board software and how much better than phpBB it is, the choice to use any of them is down to you.
I am not talking about what is the best or the worst.
We are talking about development.
The topic does not concern me or you as you think.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 12:30 pm
by Crizzo
wolfbeast wrote:
Mon Apr 29, 2019 10:21 am
the removal of the functionality to download database backups
I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.
But what is the problem, that you need one more step to download the backup then from the store/ folder?

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 12:33 pm
by </Solidjeuh>
Update complete on 2 boards. All good! 8-)

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 12:41 pm
by Heo32
I'm happy with the change in backup functionality. Know that it was done with good intentions. Having proactive security is always better than being reactive. That's what makes phpBB stand out over other solutions. Being one step ahead is key to avoiding a potential compromised situation.

The update went well for me and everything seems to be working.

Thank you to everyone that made this release a possibility!

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 1:49 pm
by EA117
Possibly an extra reason to make sure you're using a phpBB 3.2.6-compatible style before deploying the update:
viewtopic.php?f=556&t=2509981&p=15243246

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 6:35 pm
by invenio
Glad to see a new version out.

As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 6:43 pm
by </Solidjeuh>
invenio wrote:
Mon Apr 29, 2019 6:35 pm
Glad to see a new version out.

As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.
You can still backup the database via ACP, just not download it anymore via ACP. So when a hacker get access to your admin/founder account, he cannot download/steal the database. And that's where the most important information is being stored. You can now simply download it from the /store folder.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 7:02 pm
by invenio
Oh, I see. So it's not access to the database that was restricted from the ACP, merely the placement of that archived database.

Re: Discuss: phpBB 3.2.6 Release

Posted: Mon Apr 29, 2019 7:24 pm
by Joyce&Luna
Hi

Are code changes necessary from 3.2.6 RC1 to 3.2.6?