On 12/30/05, Raymond O'Donnell <rod@iol.ie> wrote:
QUOTE:
I used it once (2004) because it supported Postgres. It got hacked in
under a month. I admit that this was a one off but having searched
around the Internet for various bulletin board software there seem to
be no end of problems with phpbb with regards security. I have even
come across articles claiming that the phpbb team try not to publish
all their exploits but rather blame PHIP [0] itself and they have a
tendency to ignore certain exploits in any releases that are not
current.
UNQUOTE:
That's hardly fair. PostgreSQL also ignores security issues on older versions. If you're running 8.0.0 and a security fix came out in 8.0.1, it's your fault, not the PGDG folks.
Also, as a big proponent of PHP, I have to admit that it's quite easy to write insecure software with it. I've had nothing but good luck with PHPBB. My main complaint is that no one in the PHPBB community seems to have ever heard of diff and patch, so all the hacks for it need to be applied by hand, one line at a time.