How secure is info on a single-user board?

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Get Involved
Post Reply
Fermenter
Registered User
Posts: 78
Joined: Mon Jul 30, 2012 3:29 am

How secure is info on a single-user board?

Post by Fermenter »

This is just an idea. I'm probably a bit weird, but something about the forum structure just works for me. I'm pondering the idea of installing one just for my own private use, to manage personal projects and life admin in general.

My question is a simple one: what are the security risks with posting personal info, and documents etc, onto a phpbb forum? Is it a stupid idea, or no more risky than any other cloud storage option?!
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: How secure is info on a single-user board?

Post by david63 »

The one issue that you will have to deal with is that if you install the board on the Internet, as opposed to localserver, then unless you set the Bot permissions correctly to have no access then you will run the risk of your data being indexed on the search engines.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
User avatar
KevC
Support Team Member
Support Team Member
Posts: 72339
Joined: Fri Jun 04, 2004 10:44 am
Location: Oxford, UK
Contact:

Re: How secure is info on a single-user board?

Post by KevC »

Further to David's point, you could actually disable the board. Only admins and mods can access the forums when it's like that. Bots and guests can see nothing and do nothing.

Also as David says, I'd question why it has to be on the internet at all. Just run it on localhost if you want to use it as a data store.
-:|:- Support Request Template -:|:-
Image
"Step up to red alert. Sir, are you absolutely sure? It does mean changing the bulb"
Fermenter
Registered User
Posts: 78
Joined: Mon Jul 30, 2012 3:29 am

Re: How secure is info on a single-user board?

Post by Fermenter »

Thanks guys. My other board is a 'private' board, so I've already set bots and guests to have no access to that (I assume that not adding a group to a forum is essentially the same as adding the group with "no access" permission??)

I'm also curious to know how secure attached files are? I get a 403 forbidden if I try to navigate directly to the files but I'm certainly no hacker, is this pretty secure?

Having the board on the net would just be convenient for mobile access.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26502
Joined: Fri Aug 29, 2008 9:49 am

Re: How secure is info on a single-user board?

Post by Mick »

Fermenter wrote: Wed Nov 03, 2021 3:08 pmHaving the board on the net would just be convenient for mobile access
You have that with Kevs suggestion:
KevC wrote: Wed Nov 03, 2021 9:07 amyou could actually disable the board. Only admins and mods can access the forums when it's like that. Bots and guests can see nothing and do nothing
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
Fermenter
Registered User
Posts: 78
Joined: Mon Jul 30, 2012 3:29 am

Re: How secure is info on a single-user board?

Post by Fermenter »

Sure, but doesn't giving bots and guests "no access" do the same thing? Who else is there?

Not trying to be smart, just genuinely curious to know if there's actually a technical difference between the two solutions.

Similarly, does creating a forum and adding only Administrators achieve the same thing as adding bots and guests with "no access"?
User avatar
thecoalman
Community Team Member
Community Team Member
Posts: 5871
Joined: Wed Dec 22, 2004 3:52 am
Location: Pennsylvania, U.S.A.
Contact:

Re: How secure is info on a single-user board?

Post by thecoalman »

Using a basic public server to host personal and private documentation is a huge risk. Employees of your host have access to it, not to mention you are on server that might be hosting hundreds of sites all of which could have potential to exploit the server.

Cloud services like Google for example have similar issues but at least the server is purpose built with security in mind. Personally I never upload anything sensitive to anywhere unless it's encrypted.
Fermenter wrote: Thu Nov 04, 2021 2:31 am Similarly, does creating a forum and adding only Administrators achieve the same thing as adding bots and guests with "no access"?
If you were going to create such forum the easiest thing to do is ACP >> Permissions Tab >> Forum Permissions >> Check"all forums"

Highlight all groups but administrators and select remove permissions.

When a group has not been added to forum permission they have no permissions yes, no or otherwise.
“Results! Why, man, I have gotten a lot of results! I have found several thousand things that won’t work.”

Attributed - Thomas Edison
User avatar
warmweer
Jr. Extension Validator
Posts: 11234
Joined: Fri Jul 04, 2003 6:34 am
Location: Van Allen Bel ... gium
Contact:

Re: How secure is info on a single-user board?

Post by warmweer »

You could install a personal webserver on a USB stick and take that with you wherever you go. Wherever you have access to a PC or laptop (preferably you're own), you have your board.

I do recommend passwording the USB stick + regularly taking a backup and storing that in a safe (encrypted) place.
Spelling is freeware, which means you can use it for free.
On the other hand, it is not open source, which means you cannot change it or publish it in a modified form.


Time flies like an arrow, but fruit flies like a banana.
User avatar
Mick
Support Team Member
Support Team Member
Posts: 26502
Joined: Fri Aug 29, 2008 9:49 am

Re: How secure is info on a single-user board?

Post by Mick »

Fermenter wrote: Thu Nov 04, 2021 2:31 amNot trying to be smart
Disabling the board is one easy click in the ACP. Denying access to guests and bots would do more or less the same thing but you have to go in to the permission settings to do it. A year down the line and you decide to go public there’s the possibility you’ll have forgotten how to reverse it and come back here for help. Using the ACP disable is still a single click. On a single user board why are you so concerned with guests and bots?
  • "The more connected we get the more alone we become" - Kyle Broflovski©
  • "The good news is hell is just the product of a morbid human imagination.
    The bad news is, whatever humans can imagine, they can usually create.
    " - Harmony Cobel
Fermenter
Registered User
Posts: 78
Joined: Mon Jul 30, 2012 3:29 am

Re: How secure is info on a single-user board?

Post by Fermenter »

Mick wrote: Thu Nov 04, 2021 9:20 am On a single user board why are you so concerned with guests and bots?
Because guests and bots are exactly who I'm trying to exclude from accessing my private content?!

I'm just trying to understand whether there's any technical / real world difference between:

1. not adding any groups to my forums (other than administrators);
2. adding guests & bots and setting all their permissions to 'no';
3. disabling the board.

It seems like they'd all have the same result but I don't know for sure, that's why I'm asking.

I'm not objecting to disabling the board, but like anything it has pros and cons. It means I've permanently got a red banner on every page, and it takes an extra click to log in. It also gives me no option of a public-facing home page, or of creating an area that my partner could access.

It seems no more complicated to add only the administrators group to each forum, I just want to understand if this is technically more vulnerable to hackers etc.

BTW I won't be 'going public' with this board, it will contain personal documents, to-do lists, projects and general life admin stuff. There's probably cloud 'productivity' software that does the same thing, I just like the logical structure of the board, I'm familiar with it, and it's free.
User avatar
david63
Registered User
Posts: 20646
Joined: Thu Dec 19, 2002 8:08 am

Re: How secure is info on a single-user board?

Post by david63 »

Fermenter wrote: Sat Nov 06, 2021 1:24 am add only the administrators group to each forum
And registered users.

All members must be in the Registered Users group as that group contains the basic permissions for users. You will also need the Guests group available with the ANONYMOUS user in it if, at some point, you want to have a public facing front page.
David
Remember: You only know what you know and - you don't know what you don't know!

I now no longer support any of my extensions but they will start to become available here
Post Reply

Return to “phpBB Discussion”