Discuss: phpBB 3.2.6 Release

Do not post support requests, bug reports or feature requests. Discuss phpBB here. Non-phpBB related discussion goes in General Discussion!
Scam Warning
User avatar
Marc
Development Team Leader
Development Team Leader
Posts: 5460
Joined: Tue Oct 30, 2007 10:57 pm
Location: Munich, Germany
Name: Marc
Contact:

Discuss: phpBB 3.2.6 Release

Post by Marc »

Please discuss the announcement here.

As a reminder, please do not post support requests here but rather use the Support Forum.
User avatar
wolfbeast
Registered User
Posts: 69
Joined: Sat Aug 10, 2013 1:24 am

Re: Discuss: phpBB 3.2.6 Release

Post by wolfbeast »

the removal of the functionality to download database backups
I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.
User avatar
Meis2M
Translator
Posts: 914
Joined: Wed Mar 03, 2010 11:32 am
Location: IR.Damghan
Name: میثم نوبری
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by Meis2M »

good news :D
phpBB persian international support
Follow us in Instagram
Free upgrade and install extensions on your forum - drop me PM
Ultimate phpBB SEO Friendly URL extension
User avatar
abdu7maan
Registered User
Posts: 128
Joined: Tue Apr 02, 2019 11:23 am
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by abdu7maan »

:(
The exaggeration in increasing the protection of the script makes the program futile and impractical.
It is supposed to be developed like what happened in vbulletin5 and xenforo2
User avatar
Mick
Support Team Member
Support Team Member
Posts: 22541
Joined: Fri Aug 29, 2008 9:49 am
Location: Cardiff

Re: Discuss: phpBB 3.2.6 Release

Post by Mick »

As you may have noticed this isn’t VB or Xenforo, phpBB is a totally different entity. It makes no sense to keep harping on about other board software and how much better than phpBB it is, the choice to use any of them is down to you.
"The more connected we get the more alone we become" - Kyle Broflovski©
antier
Registered User
Posts: 30
Joined: Sat Aug 15, 2015 11:37 pm

Re: Discuss: phpBB 3.2.6 Release

Post by antier »

As everyone knows, the best is the enemy of good.

This is, in my opinion, very clearly the case with this update.
User avatar
abdu7maan
Registered User
Posts: 128
Joined: Tue Apr 02, 2019 11:23 am
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by abdu7maan »

Mick wrote:
Mon Apr 29, 2019 11:22 am
As you may have noticed this isn’t VB or Xenforo, phpBB is a totally different entity. It makes no sense to keep harping on about other board software and how much better than phpBB it is, the choice to use any of them is down to you.
I am not talking about what is the best or the worst.
We are talking about development.
The topic does not concern me or you as you think.
User avatar
Crizzo
Translations & International Support Teams Manager
Translations & International Support Teams Manager
Posts: 1175
Joined: Thu Apr 23, 2009 1:20 pm
Location: Germany
Name: Christian
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by Crizzo »

wolfbeast wrote:
Mon Apr 29, 2019 10:21 am
the removal of the functionality to download database backups
I really don't think this is a good move. It's the prime way for admins to make off-site db backups from the web interface; you should at least keep the option to do this (enabled e.g. through config.php or so). This kind of "hardening" is trying to mitigate poor administration or staff organization; that shouldn't be phpBB's task. Board operators should instead make sure they have 1 or maybe 2 admins at most that have that level of access, and enforce proper security practices for those accounts.
But what is the problem, that you need one more step to download the backup then from the store/ folder?
My extensions for phpBB: crizzo.de
German phpBB Support at www.phpbb.de
User avatar
</Solidjeuh>
Registered User
Posts: 1788
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by </Solidjeuh> »

Update complete on 2 boards. All good! 8-)
Heo32
Registered User
Posts: 146
Joined: Sat Jan 07, 2017 10:08 pm

Re: Discuss: phpBB 3.2.6 Release

Post by Heo32 »

I'm happy with the change in backup functionality. Know that it was done with good intentions. Having proactive security is always better than being reactive. That's what makes phpBB stand out over other solutions. Being one step ahead is key to avoiding a potential compromised situation.

The update went well for me and everything seems to be working.

Thank you to everyone that made this release a possibility!
stevemaury wrote:
Sun May 20, 2018 8:16 pm
I went to your board and looked for an hour or so, but did not see the women without underwear.
Is this for you?
Windows + Nginx + PHP + MySQL + phpBB + WordPress + Cloudflare

Content-Security-Policy:
Allow using Content-Security-Policy without unsafe-inline
User avatar
EA117
Registered User
Posts: 1674
Joined: Wed Aug 15, 2018 3:23 am
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by EA117 »

Possibly an extra reason to make sure you're using a phpBB 3.2.6-compatible style before deploying the update:
viewtopic.php?f=556&t=2509981&p=15243246
User avatar
invenio
Registered User
Posts: 143
Joined: Wed Dec 09, 2015 1:45 pm
Location: New Hampshire, USA
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by invenio »

Glad to see a new version out.

As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.
User avatar
</Solidjeuh>
Registered User
Posts: 1788
Joined: Tue Mar 29, 2016 3:45 am
Location: Aalst (Belgium)
Name: Andy Dm
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by </Solidjeuh> »

invenio wrote:
Mon Apr 29, 2019 6:35 pm
Glad to see a new version out.

As a non-IT person. Can somebody explain what the security advantage is without being able to download the database from ACP? If you have admin privileges, you can do whatever you want to the board (ie read any posts, delete anything, etc.)? I was using this to backup my board database and just don't understand the security issue. Not criticizing, I just don't understand it.
You can still backup the database via ACP, just not download it anymore via ACP. So when a hacker get access to your admin/founder account, he cannot download/steal the database. And that's where the most important information is being stored. You can now simply download it from the /store folder.
User avatar
invenio
Registered User
Posts: 143
Joined: Wed Dec 09, 2015 1:45 pm
Location: New Hampshire, USA
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by invenio »

Oh, I see. So it's not access to the database that was restricted from the ACP, merely the placement of that archived database.
User avatar
Joyce&Luna
Registered User
Posts: 281
Joined: Wed Oct 14, 2015 3:46 pm
Location: Germany
Name: Anke
Contact:

Re: Discuss: phpBB 3.2.6 Release

Post by Joyce&Luna »

Hi

Are code changes necessary from 3.2.6 RC1 to 3.2.6?
My contributions are translated from German to English by google. This can lead to misunderstanding.

phpBB Style Design
Locked

Return to “phpBB Discussion”