2.1.2 on a live environment- secure enough atm?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
SolarFX
Registered User
Posts: 136
Joined: Sat Sep 25, 2004 3:21 am

2.1.2 on a live environment- secure enough atm?

Post by SolarFX »

I know that 2.1.2 is really not recommended on a live environment, and it would be a really bad choice. But unfortunately, I must do something, and that is one of my only options. So, please, let's put aside the fact that it's a really stupid idea and that it contains bugs, etc.

But what I want to know is if anyone knows how secure the CVS is at the moment. I know that it can't be too secure, but is it open to hacking? Right now the bugs will be no problem, but it is security I'm worried about. This forum hasn't had any problems with security, and if they are running off of the same things, I figured that it wouldn't be too big of a problem as this forum is still here.

But my plan is to upgrade to the newest CVS every day or at least once a week and find the changes in the DB and make those changes. And eventually, when RC comes, then Final, I'll just update the files and DB until it's stable and there are no problems.

Sorry if this is asking for support, but I don't see it as support. Thanks in advance...
Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well-preserved body, but rather to skid in sideways, margarita in one hand - chocolate in the other, body thoroughly used up, totally worn out and screaming "WOO HOO! - What a Ride!"

dhn
Registered User
Posts: 1518
Joined: Wed Jul 04, 2001 8:10 am
Location: Around the corner

Re: 2.1.2 on a live environment- secure enough atm?

Post by dhn »

We strongly advise against using any version before the final release. We cannot stop you, but you'll be on your own. We won't do announcements on security issues on the development version, we won't post patches. Do NOT expect the developers to fix a security issue as fast as they are doing on 2.0.x, don't even expect them posting anything here before they submit fixes to CVS. If you think you can live with that, go for it. But you'll be on your own. Sorry.

Are there security issues on the current dev version? I have no idea.

SolarFX
Registered User
Posts: 136
Joined: Sat Sep 25, 2004 3:21 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by SolarFX »

I fully understand I'll be on my own, and things won't get fixed as I need them. But I have no other options. :?

dhn wrote: Are there security issues on the current dev version? I have no idea.

That's the only thing I'm afraid of.

But I have some years of PHP under my belt, I can fix something wrong if I see it, it's just that I don't know the file system or anything- haven't explored it yet. So I'm only afraid I'd be too late or the devs would. But I cannot ask any more of them. I trust their work... but I'm still nervous. :lol:

Martin Blank
Registered User
Posts: 687
Joined: Sun May 11, 2003 11:17 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by Martin Blank »

They're not running off the same codebase. Further, the code releases can be days or even weeks apart for anything significant. Just look at the dates below for how long can transpire between releases:

http://sourceforge.net/mailarchive/foru ... um_id=2657

Further, security issues are bugs, and since the codebase is unsupported, fixes for security issues may not come about for days or weeks at a time, if at all (until release). The beta is semi-expected in the next couple of weeks (this is not solid, just what Paul has posted in his weblog as his hopes), and it would be far better to wait for that, particularly since the change from CVS to first beta may entail large numbers of changes, and any indications in support questions (which I believe will be allowed once the beta is released) that you're moving from dev code to beta code will probably result in a response of "no support." It's far better to just kick back and wait for the beta.

PS: I'm not sure if I'll be sad or not to see ninja-posting go away with the new version... dhn slipped in his less-verbose response ahead of this post.
You can never go home again... but I guess you can shop there.

SolarFX
Registered User
Posts: 136
Joined: Sat Sep 25, 2004 3:21 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by SolarFX »

Wait, that is that little thing that tells you there was another post, right? That's going? Nooo!!! I love that. :( Oh well, there must be some reason behind it.

See, the problem is, I don't really have a choice unless I go with something like IPB, and I really don't want to do that. I want phpBB.... Just a question though, what is the difference from going from development code to beta if you overwrite the files and the db is exactly the same? Maybe I'm missing something....

dhn
Registered User
Posts: 1518
Joined: Wed Jul 04, 2001 8:10 am
Location: Around the corner

Re: 2.1.2 on a live environment- secure enough atm?

Post by dhn »

SolarFX wrote: Wait, that is that little thing that tells you there was another post, right? That's going? Nooo!!! I love that. :( Oh well, there must be some reason behind it.

Don't worry, he was joking about so-called "ninja edits". Those will go because of this cool little feature. "Ninja edits" are edits that you have to do because someone else replied to the topic before you, which can lead to some confusion in the flow of a discussion. ;) The feature will stay!

SolarFX wrote: See, the problem is, I don't really have a choice unless I go with something like IPB, and I really don't want to do that. I want phpBB.... Just a question though, what is the difference from going from development code to beta if you overwrite the files and the db is exactly the same? Maybe I'm missing something....

2.0.11? Extra features can be added through MODs and updating to 2.2 shouldn't be more time consuming than trying to keep the dev version up to date.

SolarFX
Registered User
Posts: 136
Joined: Sat Sep 25, 2004 3:21 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by SolarFX »

Yeah, that was a thought. But I'm in the process of building a site that is already behind a reasonable schedule. Now I have to build a rather large site that is centered on this forum. This site is based on a few games and a few movies and books, but the last release of the entire line just came out, and people are pouring into a buggy site right now, and it can't really handle it. So I need something more organized and more powerful, and this is it.

I need to start coding the rest of the site, and I can do it around this database. MODing is not an option because I don't have the time to MOD; keeping up with CVS updates I can have multiple people help me on, but no one that I am working with has a sufficient amount of PHP knowledge (they are stylers and flash experts, etc.), so I'm on my own on that.

Now I have more time now than I will then when I have to start to focus on adding other modules onto the site. I can't be worrying about editing the database to match 2.2's after I get done with the hours of MODing I would have to do. In other words, I'd be doing not much of anything now and tons of stuff then when there is no time for it, and I can't delay any longer.

So I was slammed in a pretty crappy situation.... I hope this works...

saltydx
Registered User
Posts: 24
Joined: Sun Jun 06, 2004 1:56 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by saltydx »

I don't understand why you can't use 2.0.11. That would make much more sense than using 2.1.2.

SolarFX
Registered User
Posts: 136
Joined: Sat Sep 25, 2004 3:21 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by SolarFX »

Because I would have to MOD it to get the options that I want, and I could do that, but I want a clean version so I can update it in the future without a hassle. I'm basing my entire site off of the forum software, and 2.0.11 isn't going to cut it with the features I need. And if it were at all possible for me to MOD that, then take that code and make it fit for the rest of the site and keep it updateable, time just wouldn't allow it.

There, much shorter than the last post, and more concise, don't you think? :)

P.S. I like your site. :)

saltydx
Registered User
Posts: 24
Joined: Sun Jun 06, 2004 1:56 am

Re: 2.1.2 on a live environment- secure enough atm?

Post by saltydx »

Thanks for the compliment. We're in redesign phase right now so I'm not too worried with anything other than the forum and the forum database.

Considering how much time the Devs are putting into 2.2 so it will be awesome when it goes "gold", from a time standpoint, you'd actually be better off using 2.0.11. I'm not advocating any particular pre-modded phpbb package, but that's another option you have as well. Regardless of what you do, you're going to have to make changes when 2.2 comes out. As of right now, you can't update from 2.1.2 to 2.2 and I doubt that will change.
