Posted: Tue Mar 08, 2005 10:21 pm
by Supremacy
technics wrote: thinking about it, security and stability is no issue. security is only to keep users out of moderators; and visitors out of users.
Security.. a programmer's worst nightmare.
No matter what you do, how long you test and debug, there will ALWAYS be security risks.
If not in your code, then in the browser, the server, or the code translator.
But it's clear that you don't have very much experience on that point.
Just to make a bulletproof login system takes HOURS of coding, to get everything accounted for, and tested to be the right thing.
My best advice would be to use an existing forum, and then modify it to your needs.
Coding your own forum is a great idea... yeah... for a small business site, or your own personal homepage.
To entirely recode a new high-end forum is INSANE...
Let's say you assemble a team of 10 to build that forum, it would still take MONTHS, and would be seriously buggy.
Just my opinion.

Posted: Tue Mar 08, 2005 11:03 pm
by PrObLeM
scrotaye wrote: I can put it inside of a page (along with menus so users can still navigate the site). You can't do that with a preexisting forum such as PHPBB.
I disagree. If you know what you are doing you can most definitely edit your phpbb to fit/work within your website with little to no problems.
But the issues you would have to face when developing are almost not even worth the time, well unless you want to do that.
sidenote: I love phpbb
Posted: Thu Mar 10, 2005 5:42 pm
by technics
Hey guys, I thank you for your responses ... it is really helping.
You guys are absolutely correct - I am not an experienced web coder - have a background in application development (C++) ... where these things were not much of an issue.
Now let me confirm a few things...
Some pitfalls of coding your own BB are:
-stability
-performance
-and security.
I have no issues with the first two .. they depend on my coding style and server performance.
Security is now starting to scare me a little bit.
Is SQL injection the only security risk? What else is there?
Thanks a lot...
Posted: Thu Mar 10, 2005 6:06 pm
by feyd
SQL injection is kinda an umbrella of other vulnerabilities, I often feel. Sure there's SQL injection itself, which can be a major problem, no doubt. There's HTML injection, which can lead to cookie theft, which in turn can lead to account hijacking (if not on your site, on another site). Depending on the features you provide, there could be virus/hijack launching capability through an email form or file/avatar uploads.. Suffice it to say, there's a lot to consider and protect against. Now, you may just want to protect against the casual attack, or you may want to go up against the more versed attackers.. Generally, covering the casual attacker is often fairly good on the whole. But you must protect against injections most of all.
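The injection classes named in the post above, shown on the defensive side for a forum that stores and displays posts. This is an added example, not part of the original thread; the table, columns and function names are hypothetical, and an in-memory SQLite database (PDO with the pdo_sqlite extension, PHP 7.4+) stands in for the forum's real database.

```php
<?php
declare(strict_types=1);

// Constructed demo: in-memory SQLite stands in for the forum database.
// Table, column and function names are hypothetical.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Cookie theft mitigation: HttpOnly keeps the session cookie away from
// script that slips into a page; set before session_start() in a real app.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);

// SQL injection defence: values travel as bound parameters, never as SQL text.
function savePost(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO posts (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
    return (int) $db->lastInsertId();
}

// HTML injection defence: escape on output so stored markup renders as text.
function renderPost(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT author, body FROM posts WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such post.</p>';
    }
    $esc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="post"><b>' . $esc($row['author']) . '</b><p>'
        . nl2br($esc($row['body'])) . '</p></div>';
}

// Constructed hostile inputs: a quote-breaking author name and a script tag.
$id = savePost($db, "x'); DROP TABLE posts; --", '<script>alert(1)</script>');
echo renderPost($db, $id), "\n";
echo (int) $db->query('SELECT COUNT(*) FROM posts')->fetchColumn(), " post(s) stored\n";
```

The hostile author name is stored as plain data and the table survives; the script tag comes back as escaped text rather than markup.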
Posted: Thu Mar 10, 2005 7:21 pm
by ast3r3x
I built my own, and it wasn't that hard but security concerns are a serious problem. I am actually most concerned about giving out and accepting cookies, because I can't control what goes on once data leaves your server.
I am actually going to build my own again because my first one was so smurfy. I hadn't really learned CSS well yet, so most of the code I was outputting with php had the CSS embedded in it.
Doing your own is great because of the control you have. You can make it as design independent as you want, so a page can easily be changed by changing the CSS.
This has actually got me started on my new forum tonight. What I am planning on is using flash for the posting page so that you don't have to do BBCode to get a bold effect, you'll just actually be able to see bolded code. If I can pull that off, it'll be great.
feyd | watch the swearing 
Posted: Thu Mar 10, 2005 7:37 pm
by feyd
you can also look into things like htmlarea, or other things that you'll find if you search the board for it..

Posted: Thu Mar 10, 2005 9:17 pm
by ast3r3x
I can guarantee everyone I didn't use the word smurfy and make it blue
feyd: Thanks for fixing that, sorry about the wording.
feyd wrote:you can also look into things like htmlarea, or other things that you'll find if you search the board for it..

That is awesome! I'm a little mad though, because it doesn't seem to work with Safari. I know most users will be using IE or Firefox, but since I use Safari, I feel the pain. That did lead me to some thread about the same thing though.
Posted: Thu Mar 10, 2005 10:52 pm
by technics
Okay guys, have said it before, you all have enlightened me a great deal - what a naive internet programmer I am!
So if you can be so kind to quickly give me a run-down of what I should be watchful for when making this forum?
Posted: Fri Mar 11, 2005 9:22 am
by ast3r3x
technics wrote: Okay guys, have said it before, you all have enlightened me a great deal - what a naive internet programmer I am!
So if you can be so kind to quickly give me a run-down of what I should be watchful for when making this forum?
1) Don't make it suck
Is there anything else?
Posted: Fri Mar 11, 2005 10:53 am
by Buddha443556
technics wrote: So if you can be so kind to quickly give me a run-down of what I should be watchful for when making this forum?
Design first, Code second.
Posted: Fri Mar 11, 2005 5:30 pm
by Supremacy
Think of the user, and not you coding the forum.
Remember to double check everything, and make it user friendly, and neat to use.

Posted: Fri Mar 11, 2005 6:12 pm
by Weirdan
Supremacy wrote:
remember to double check everything...
And check it once again... just to be sure. Then check again

Posted: Fri Mar 11, 2005 7:05 pm
by feyd
As I used to say when I did carpentry work: measure, measure, measure some more.. think about it for a while.. measure again, then cut.

Posted: Fri Mar 11, 2005 9:33 pm
by Ambush Commander
When making a big project like a forum, make sure you code neat. I have this problem: I want to code neat, but it's much easier to be sloppy. Ugh. It really gets you later.
Next, you should get a notebook and start sketching out how your logic is going to work. Using paper and pencil. Helps a lot, at least for me.
Posted: Fri Mar 11, 2005 9:51 pm
by infolock
not to mention you should probably cancel any and all pre-existing dates you have scheduled for the next year or so =) good luck man and let us know how it turns out