Customizing SMF > SMF Coding Discussion

Can an SMF tech expert give me some details about these claimed vulnerabilities?

(1/3) > >>

gsuser:
Hi gang,

I have been running SMF for a few months now, and all is fine, however as part of my ongoing learning curve I still enjoy reading views on the software I use on my websites.

I was browsing a web development forum, and found a thread where a guy was airing some heavily critical views about [what he asserted to be] vulnerabilities in the SMF platform.

As said, I have been happy with SMF and love the way it looks, but can the SMF admins confirm or deny the opinions in the following thread, posts #23 and #27:

http://www.blackhatworld.com/blackhat-seo/my-journey-discussions/397118-starting-forum-follow-me.html [nofollow]

The supposed problem areas are important to me, so I thought it best to ask for a response "from the source" so to speak.

I have seen SMF representatives posting on a few web development forums, putting folks straight about certain facts, and such ever present support was one of my reasons for choosing of SMF in the first place.

Would it be possible for an SMF rep to address the concerns in that thread directly? I ask because many of the search hits for "SMF" at that forum (the majority in fact) are positive.

The users over there seem to rate SMF as the best forum software after VB and IPB, and as such, I think it would benefit SMF to correct any misinformation being posted so folks (that might be looking for forum software and could use SMF) are not sent down a wrong path.

Many thanks SMF.

vbgamer45:
It's an old post no reason to bump it on their site since 1/25/2012
Otherwise post of those things are false.

nend:
The avatar thing was real but that was back on I would like to say the 1.0 branch, way too old of a vulnerability.

As for the emails, will it matters how the forum is set up. There is a setting in the admin panel that would reveal emails but revealing emails is not on by default, so someone would have to change the setting after they install the forum. I don't see the appeal of that.

gsuser:

--- Quote from: nend on August 14, 2012, 03:24:05 PM ---The avatar thing was real but that was back on I would like to say the 1.0 branch, way too old of a vulnerability.

As for the emails, will it matters how the forum is set up. There is a setting in the admin panel that would reveal emails but revealing emails is not on by default, so someone would have to change the setting after they install the forum. I don't see the appeal of that.

--- End quote ---

Hi mate,

The guy claims that "even if admin disables the display they are still reachable"

Is that correct or incorrect?

For obvious reasons I don't want some dude scraping the emails for harvesting.

I know nothing of this type of stuff, so really would like it confirmed one way or the other if the email list is safe.

vbgamer45:
That is false. If that was the case people could just scrap this entire forum or any other SMF forum.

Navigation

[0] Message Index

[#] Next page