Can Tapatalk be made secure?

Started by Sir Osis of Liver, June 30, 2018, 07:02:38 PM


Sir Osis of Liver

Upgraded forum from 1.1.18 to 2.0.15, haven't reinstalled Tapatalk yet and members are in an uproar.  I understand there are security issues, some of which involve not configuring Tapatalk settings correctly.  Has anyone used it successfully in 2.0.15?
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Ninja ZX-10RR

A few forums I worked on do have it, although I don't trust it myself, as it's got one of the worst security records ever :/ So yeah, could just tell the admin that you'll reinstall it but make them understand it's not one of the best mods to have.
Also, hello man, glad to see you're... Good, hopefully :)
Quote from: BeastMode topic=525177.msg3720020#msg3720020
It's so powerful that on this post and even in the two PMs you sent me, you still answered my question very quickly and you're apologizing for the delay. You're the #1 support I've probably ever encountered man, so much respect for that. Thank you, and get better soon.

I'll keep this in my siggy for a while just to remind me that someone appreciated what I did while others didn't.

♥ Jess ♥

STOP EDITING MY PROFILE

Illori

since they make their own copy of source files, they will NEVER get patched when the real SMF sources do for security issues or otherwise. unless they change how it is coded this will not be fixed.

Arantor

Some of their sources also deliberately ignore some SMF Settings, like the admin approval on registration setting...

landyvlad

I plan to remove it from my forum - not many use it anyway, but in answer to your question

Quote from: Sir Osis of Liver on June 30, 2018, 07:02:38 PM
Has anyone used it successfully in 2.0.15?

Yes.  Just ensure you have the newest version of TT for SMF and it works fine.
"Put as much effort into your question as you'd expect someone to give in an answer"

Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Be the person your dog thinks you are.

Shambles

At each iteration of their plugin for SMF I make several small modifications to suit my forum, such as creating custom posts for new signups (moderator view only) and inhibiting their smartbanner (which periodically alerts non-Tapatalk browser users to the existence of the Tapatalk app) - they want $5 per month to do that for you.

Sir Osis of Liver

Sounds like crap.  I don't use mobile, so it's difficult for me to understand what they're getting out of it that's important to members.  Installed Responsive Curve mod, but no one seemed to notice any difference.  They're complaining about having to resize images before uploading to forum, which apparently is a problem on phone, and something about youtube vids.  There's an attachment resize mod I'm using on one of my forums that works well, and at least a couple of youtube embed mods, but don't really have any idea if they'd address the complaints.  Can't imagine why anyone would use a phone to browse the net, but, hey, I'm an old guy.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

landyvlad

Quote from: Sir Osis of Liver on July 01, 2018, 11:40:00 PM
Can't imagine why anyone would use a phone to browse the net, but, hey, I'm an old guy.


I did it for years !

:D
"Put as much effort into your question as you'd expect someone to give in an answer"

Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Be the person your dog thinks you are.

GigaWatt

Quote from: Sir Osis of Liver on July 01, 2018, 11:40:00 PM
Can't imagine why anyone would use a phone to browse the net, but, hey, I'm an old guy.

I'm not that old... at least I don't consider myself to be, but I don't own a smartphone and probably never will... mostly because of the lack of a physical keyboard (no, I don't like those tiny things they call tablet keyboards) and a mouse... touchpad?... it's just not the same.
"This is really a generic concept about human thinking - when faced with large tasks we're naturally inclined to try to break them down into a bunch of smaller tasks that together make up the whole."

"A 500 error loosely translates to the webserver saying, "WTF?"..."

Kindred

dunno about the responsive curve mod...  but the responsive theme (Studio003) shows up VERY nicely on mobile devices. We use that over on fx-sabers.
(and I primarily use a mobile device (phone or ipad) to do my web stuff these days. I am rarely in front of a computer when I have time to do something other than actual work.)
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

Sir Osis of Liver

Had to reinstall Responsive Curve (I'd been hacking away at index.template.php and inadvertently removed most of it :P), now it's working and I can see it on my Kindle Fire, which I believe displays stuff same as a phone.  That being the case, should be able to see what I'm doing now and am making further modifications for mobile.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Sir Osis of Liver

Quote from: Kindred on July 02, 2018, 11:18:32 AM
the responsive theme (Studio003) shows up VERY nicely on mobile devices.

Can't find it. :(
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Arantor


Sir Osis of Liver

Will give it a look.  Lot of cranky old guys >:( on this forum, been using 1.1 Core for 10-12 years and very resistant to change.  So far they like Curve, so we're trying to stay with it.
Ashes and diamonds, foe and friend,
 we were all equal in the end.

                                     - R. Waters

Aleksi "Lex" Kilpinen

I would say there is no way to make Tapatalk secure, as it is.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas


landyvlad

Quote from: Aleksi "Lex" Kilpinen on July 14, 2018, 03:18:21 AM
I would say there is no way to make Tapatalk secure, as it is.

Indeed. The security (or otherwise) of Tapatalk is up to Tapatalk to manage. Of course, they'd have to acknowledge them as security issues first, which largely they don't.
I doubt there's anything that can be done down the line (e.g. in SMF or any other platform) to circumvent the problems that Tapatalk has already 'let through'.
"Put as much effort into your question as you'd expect someone to give in an answer"

Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Be the person your dog thinks you are.

HDB

5 vulnerabilities and one exploit.

https://www.cvedetails.com/vendor/13774/Tapatalk.html

Is that bad? I use them but I also run a WAF on my forum just in case.  ;)

Kindred

Yes, they are bad... not only because of their own vulnerabilities... but because, instead of installing into smf code, they insist on using their own copy of subs.php — which means that file does not get upgraded with security patches for smf's subs.php
Glory to Ukraine

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

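The risk Illori and Kindred describe above (a plugin carrying its own copy of core source files such as subs.php, which core security patches never reach) can be checked for on disk. The following is an added example, not part of any post in this thread and not SMF or Tapatalk code; the plugin directory layout and all file contents are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_vendored_copies(core_sources: Path, plugin_dir: Path):
    """Report plugin files that shadow a core source file by name.

    Basenames are matched case-insensitively (a plugin 'subs.php' against a
    core 'Subs.php'). Status is 'identical' or 'diverged' from current core.
    """
    core_by_name = {p.name.lower(): p for p in core_sources.rglob("*.php")}
    findings = []
    for copy in sorted(plugin_dir.rglob("*.php")):
        core = core_by_name.get(copy.name.lower())
        if core is None:
            continue  # the plugin's own code, not a copy of a core file
        status = "identical" if sha256(copy) == sha256(core) else "diverged"
        findings.append((copy.relative_to(plugin_dir).as_posix(), core.name, status))
    return findings


def build_sample_tree(root: Path):
    """Constructed sample: a patched core and a plugin with a stale copy."""
    core = root / "Sources"
    plugin = root / "plugin" / "include"  # hypothetical plugin layout
    core.mkdir(parents=True)
    plugin.mkdir(parents=True)
    (core / "Subs.php").write_text("<?php // core, security patch applied\n")
    (core / "Load.php").write_text("<?php // core loader\n")
    (plugin / "subs.php").write_text("<?php // plugin copy, pre-patch\n")
    (plugin / "Load.php").write_text("<?php // core loader\n")
    (plugin / "api.php").write_text("<?php // plugin's own code\n")
    return core, root / "plugin"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        core, plugin = build_sample_tree(Path(tmp))
        for copy, core_name, status in find_vendored_copies(core, plugin):
            print(f"{status:9}  {copy}  (shadows Sources/{core_name})")
```

A "diverged" copy needs a manual diff against the patched core file; an "identical" copy only matches today's core and will still be skipped by the next core update, so re-run the check after every upgrade.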
Aleksi "Lex" Kilpinen

And that CVE report is honestly just a tip of the iceberg, based on what I've been reading about it on various Forums. They have a habit of downplaying issues, and not informing their users of security issues or even fixes.

( For example, Tapatalk allowed everyone access to everyone's Private Messages on phpBB a while back. Was acknowledged by Tapatalk, but never made public. )
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas


landyvlad

As time goes on, with better and better mobile themes for forums, tapatalk will lose relevance IMHO.
"Put as much effort into your question as you'd expect someone to give in an answer"

Please do not PM, IM or Email me with questions on astrophysics or theology.  You will get better and faster responses by asking homeless people in the street. Thank you.

Be the person your dog thinks you are.
