CHAPTER 10 SECURING AND MAINTAINING PHPBB

Guidelines for Strong, Secure Passwords

A strong password policy, particularly for people with power, is crucial to security. Having staff members rotate passwords on a regular basis is good common sense. Using strong passwords with a mix of letters, numbers, and symbols helps prevent hackers' dictionary attacks. Thankfully, if they should break in, hackers cannot glean passwords from the database, as phpBB encodes passwords in the database using the MD5 one-way algorithm. This prevents intruders from deciphering the passwords in the database should they get that far. This also means that if you forget your password, you will need a new one.

Note: The MD5 one-way algorithm has its advantages and its disadvantages. Passwords must be stored in the phpBB database, but in their encrypted form. When someone logs in to the forum, the password she supplies at login time is encrypted, and that is compared with the encrypted password stored in the database. No decryption takes place, because the MD5 algorithm is a one-way encryption. This has the advantage of passwords being unlikely to be decrypted (never say never!) should any malicious intruder break into your database. However, this means that any passwords cannot be e-mailed to the forgetful board user, which is a small price to pay for the level of security MD5 affords.

Installing Updates

All the permissions in the world won't help you if your board has a flaw in its security, which could let Joe Hacker simply slip past those permissions! Fortunately, the phpBB Group regularly publishes updated versions of phpBB that contain security and other bug fixes. Keeping up with these updates, as tedious as it may be (especially if Chapter 11 inspires you to install a ton of modifications), is quite important, as updates have been known to be released in rapid succession. While installing updates can sometimes be a pain and an inconvenience, it is even more inconvenient and painful to catch up with a few updates in succession.

Keeping Abreast of Updates

The phpBB Group uses several methods of notifying administrators when phpBB upgrades are released. phpBB versions 2.0.13 and later sport an update check, direct from phpBB.com, on the front page of the Administration panel, as shown in Figure 10-3.

Figure 10-3. phpBB's upgrade notification message (note that this installation of phpBB 2.0.13 is outdated and should be upgraded)
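
The login comparison described in the Note under Guidelines for Strong, Secure Passwords, shown beside a salted, slow hash with an upgrade-on-login path. This is an added PHP example, not code from the book or from phpBB. It assumes the stored value is a plain unsalted md5() of the password and PHP 7 or later; the function names and the sample password are hypothetical.

```php
<?php
// Added example; function names and sample values are hypothetical.

// Scheme described in the text: store md5(password), compare digests at login.
// Unsalted MD5 is fast and gives identical digests for identical passwords,
// so a leaked table remains open to the dictionary attacks mentioned above.
function legacy_store(string $password): string {
    return md5($password);
}

function legacy_verify(string $password, string $stored): bool {
    return hash_equals($stored, md5($password)); // constant-time comparison
}

// Hardened form: per-password random salt and a deliberately slow algorithm.
function modern_store(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

// Accept either format at login. When the stored value is a legacy digest
// (or uses outdated parameters), return a replacement hash to save.
function verify_and_upgrade(string $password, string $stored): array {
    $isLegacy = preg_match('/^[0-9a-f]{32}$/', $stored) === 1;
    $ok = $isLegacy
        ? legacy_verify($password, $stored)
        : password_verify($password, $stored);

    $newHash = null;
    if ($ok && ($isLegacy || password_needs_rehash($stored, PASSWORD_DEFAULT))) {
        $newHash = modern_store($password);
    }
    return ['ok' => $ok, 'new_hash' => $newHash];
}

// Constructed sample data, not taken from any real board.
$password = 'correct horse battery staple';
$legacy   = legacy_store($password);

// Two users with the same password: compare their stored values per scheme.
var_dump(legacy_store($password) === $legacy);
var_dump(modern_store($password) === modern_store($password));

// A successful legacy login yields a hash to write back to the user's row.
$login = verify_and_upgrade($password, $legacy);
var_dump($login['ok'], password_verify($password, (string) $login['new_hash']));
var_dump(verify_and_upgrade('wrong guess', $legacy)['ok']);
```

A column sized for a 32-character MD5 digest is too short for password_hash() output; PHP's documentation recommends allowing 255 characters.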