open source forum vs. own code forum
As the subject line suggests, I want to find out if me choosing to program my own forum for large volume purposes is better than using an open source forum, e.g. phpBB?
The forum I want is very design specific - hence the reason for me wanting to write my own. But I am skeptical that my version of a forum will not be as efficient as others...
In terms of how I store the threads/messages, how I retrieve them, etc. ...
So what is the best advice?
- feyd
- Neighborhood Spidermoddy
- Posts: 31559
- Joined: Mon Mar 29, 2004 3:24 pm
- Location: Bothell, Washington, USA
There's a lot of reasons to do both. However, because of "large volume purposes" I'd go with a properly modified open source forum. Honestly, if you didn't start with a system already built for high volume, it'd take quite a while for you to grow your knowledge and code to that point. Since you'd likely continue using the same code versus throwing a complete set away to rebuild from the ground up, the inherent issues you had initially will most probably expand with age instead of shrink.
my $0.02
100% agree with feyd. The only other comment that is very much worth mentioning is one my brother-in-law gives me: why re-invent the wheel? phpBB (along with others) have already been through all the hell you would actually be putting yourself through upon taking on this task (i.e. bugs, security issues, etc.). If you merely want to have your own distribution to say it's yours, I say go for it. Otherwise, if you are gonna use it for commercial or other such purposes, as feyd said, a pre-existing open source forum would be exactly what you need...
I have my own 'high-volume' forum. It wasn't that hard to do and it fits into my site much better. I can put it inside of a page (along with menus so users can still navigate the site). You can't do that with a preexisting forum such as PHPBB. The forums weren't THAT hard to do, although I had a couple questions along the way. I'd suggest making your own if you have the time.
- feyd
The decision can break down into a set of questions you ask yourself:
- What is the time table you have to get this up?
- How much time do you personally have to devote to supporting the forum's codebase?
- What features do you want versus need?
- Where do you place the value of your time?
- Is the forum for your own site, or will its code be shared among sites?
- feyd
phpBB was written in a semi-procedural manner. It grew from the original code in that way, as it was originally written. I don't believe anyone on their team has decided to throw away the bulk of it to start over, building on the knowledge they have grown with since then. You may have initial trouble figuring out how everything works in it. If you spend enough time looking at it, you'll either begin to understand or go stark raving mad.
Well, my intentions were to build the entire site using the OOP paradigm. In fact, I was not going to use any elements of procedural development techniques.
Thinking about it, security and stability is no issue. Security is only to keep users out of moderators; and visitors out of users.
Furthermore, stability refers to how often the website is down than up - ideally I am going to make sure it's up more often than not. And in terms of it being fast - well, that would just be the employment of good SQL statements and minimal processes (statements) to display/process data. All these concepts we keep mindful of when building websites anyway. I really don't see how forums will be different - except of course for the database design - ... but then again ... DB design can be helped as long as you know up to say 4NF (or just 3NF).
What do you reckon?
technics wrote: thinking about it, security and stability is no issue
Completely disagree with this... there will always be someone "trying to get one over you" and if you don't take security seriously, you are gonna make it easy for them.
Even up to phpBB 2.0.12 (current version 2.0.13) there was an exploit that let you login as admin.
Last edited by JayBird on Fri Mar 11, 2005 10:49 am, edited 1 time in total.
- John Cartwright
- Site Admin
- Posts: 11470
- Joined: Tue Dec 23, 2003 2:10 am
- Location: Toronto
But keep this in mind when thinking about security...
Experienced coders that are constantly working on phpbb are still leaving major security holes even up to this version. I'm sure there are still some undiscovered, but I'm sure these people are far more experienced than you are and they seem to be missing out on some very important security issues.
You say security not a problem?
I say you are in for a bad experience.
As for enlightenment on SQL injection, it is basically adding unwanted code through user inputs, such as text fields, that alter an SQL query to perform unwanted tasks.
For example.. I have
Code:
$sql = "DELETE FROM `topics` WHERE `id` = '".$_POST['fieldname']."'";
This is obviously asking for trouble, considering the user input is not sanitized. Keep in mind that ANYTHING coming from the user should NOT be trusted and should be sanitized.
You are expecting a number? Check if it's a number, and only a number.
But how can we exploit this SQL query?
$_POST['fieldname'] = "1' OR `id` = '2";
the query now becomes
Code:
$sql = "DELETE FROM `topics` WHERE `id` = '1' OR `id` = '2'";
This is obviously not the best example, but you get the point..
unwanted `topics` are going to be deleted..
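
The concatenated DELETE from the post above next to a version that follows its "check if it's a number" advice and binds the value as a parameter. This is an added example, not code from the thread. It assumes PDO with an in-memory SQLite database standing in for the forum's MySQL database; the function names and the three sample rows are constructed for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the forum database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data: three topics with ids 1, 2 and 3.
function seedTopics(PDO $db): void {
    $db->exec('DROP TABLE IF EXISTS topics');
    $db->exec('CREATE TABLE topics (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO topics (id, title) VALUES (1, 'first'), (2, 'second'), (3, 'third')");
}

function remainingIds(PDO $db): array {
    return $db->query('SELECT id FROM topics ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
}

// Vulnerable form from the post: the input becomes part of the SQL text.
function deleteTopicUnsafe(PDO $db, string $input): int {
    return $db->exec("DELETE FROM `topics` WHERE `id` = '" . $input . "'");
}

// Hardened form: accept only a positive integer, then bind it as a parameter
// so the value can never change the structure of the statement.
function deleteTopicSafe(PDO $db, string $input): int {
    $id = filter_var($input, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('topic id must be a positive integer');
    }
    $stmt = $db->prepare('DELETE FROM `topics` WHERE `id` = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$input = "1' OR `id` = '2"; // the value quoted in the post

seedTopics($db);
$deleted = deleteTopicUnsafe($db, $input);
echo "unsafe: deleted $deleted, remaining ids: ", implode(',', remainingIds($db)), PHP_EOL;

seedTopics($db);
try {
    deleteTopicSafe($db, $input);
} catch (InvalidArgumentException $e) {
    echo 'safe: rejected input (', $e->getMessage(), ')', PHP_EOL;
}
$deleted = deleteTopicSafe($db, '1');
echo "safe: deleted $deleted, remaining ids: ", implode(',', remainingIds($db)), PHP_EOL;
```

The validation and the bound parameter are independent layers: the integer check rejects malformed input early with a clear error, and the prepared statement keeps the query structure fixed even if a check is missed elsewhere.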