
Security of JForum

 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
Hi!

On your homepage you state that JForum is "very secure". What exactly does this mean? Can administrators only log in using https to avoid sending passwords in plaintext through the internet? Or should they install a client-certificate instead?

After logging in a few minutes ago, I was very surprised that no e-mail validation happened. So how can I prevent my forum from being flooded by spam?

--
Cheers,
Camper
[originally posted on jforum.net by camper]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
There is security at the application level and security at the web level. HTTPS is security at the web level. You can't use it unless your web server has a certificate, either the private or "trusted" kind. As to individual certificates... that's more of a web / security level issue as well. Don't know of any general application that supports that.

Of course, since JForum has an SSO mechanism, you can front-end it with any web-based security mechanism you feel you need for security.

As to other features:

E-mail validation on registration - can be turned on or off. Requires a good SMTP service, which Raphael opted not to maintain for this server.

Captcha (enter phrase from image) - can be turned on for either / both registration and new posts.

Overall / specific group security - The group permissions can be used to define everything from the level of "anonymous" access you want to having specific people only see specific forums, etc. Plus, things like searching have been set up to honor the security constraints as well.
[originally posted on jforum.net by monroe]
 
Migrated From Jforum.net
Ranch Hand
Posts: 17424
Another security feature could be that it's most likely not responding to SQL injection trials ... ^^

... considering how many apps on the web had such a leak... that's rather something good ;) Even phpBB at some point, like last year, still had an SQL injection flaw for several pages.
[originally posted on jforum.net by Sid]
 