PunBB Forums — Serious security flaws...

Serious security flaws...

October 14, 2010, 4:23 pm

I'm new to the punBB arena, however I'm a professional .Net developer for an agency of the federal government. While looking at the code, there seems to be a lot of overhead and some security flaws....

View Article

Re: Serious security flaws...

October 14, 2010, 9:00 pm

Also,Whoever did the Themes support really doesn't know how to use it. You create a page for the controls and use CSS for the rest and use the page declarative (or web.config) to define which theme...

View Article

Re: Serious security flaws...

October 15, 2010, 6:43 am

cgcarter1 wrote:The last thing and most important is encrypting the connection string (for obvious reasons). This is extremely easy to do in code-behind. I typically give a button event to encrypt...

View Article

Re: Serious security flaws...

October 21, 2010, 7:47 am

There is an error in the Membership Provider. On the OdbcCommand it calls for a uniqueidentifier for the PKID field. The field in the table is called UserId and a varchar. This throws an exception....

View Article

Re: Serious security flaws...

October 21, 2010, 9:07 am

Also there is a typo in the ODBC queries. It looks for a column LastPasswordChangedDate when the column in the Users table it LastPasswordChangeDate. I am rewriting the module into a class library...

View Article

Re: Serious security flaws...

December 1, 2010, 1:59 pm

Very interesting thread, I wonder why a developer hasn't replied to it or better yet, invited you to join the core development team.Cheers,Gene

View Article

Re: Serious security flaws...

December 2, 2010, 4:48 pm

Quite simple really, Gene53 - I suspect there isn't really a development team at all. Considering the code was forked into FluxBB when Informer bought PunBB from Rickard and all the updates to PunBB...

View Article