Can Tapatalk be made secure?

Started by Sir Osis of Liver, June 30, 2018, 07:02:38 PM

Aleksi "Lex" Kilpinen

Quote from: landyvlad on July 17, 2018, 11:51:42 PM
As time goes on, with better and better mobile themes for forums, Tapatalk will lose relevance IMHO.
Sadly, with the rise of the "mobile app to make coffee" generation, I am a little more sceptical. There are huge groups of people who believe in apps being the end-all solution to everything, and do not even know of alternatives.
Slava
Ukraini!
"Before you allow people access to your forum, especially in an administrative position, you must be aware that that person can seriously damage your forum. Therefore, you should only allow people that you trust, implicitly, to have such access." -Douglas

How you can help SMF

HDB


Quote from: Kindred on July 17, 2018, 11:29:00 PM
Yes, they are bad... not only because of their own vulnerabilities... but because, instead of installing into SMF code, they insist on using their own copy of subs.php, which means that file does not get upgraded with security patches for SMF's subs.php
Thank you Kindred! I do know that they release regular updates that come along closely after SMF has released patches. I obviously don't know but maybe their release schedule takes into account changes in SMF's security patch to the Subs.php.

The reason I ask if it was bad was there seems to be a great deal above said about them having a bad security record but no one says what that record is. Their one exploit was on a vBulletin forum. 

Just for comparison so we can talk facts, SMF has 9 vulnerabilities but no exploits. 9 vulnerabilities resolved before an exploit ever occurred.

https://www.cvedetails.com/product/16560/Simplemachines-SMF.html?vendor_id=9338

Once again thank you for bringing the knowledge that they use their own subs.php. My hope is that they know that is a risk and they mirror the changes SMF makes.

Kindred

Their lack of update and support was one of the reasons that their mod was removed from the mod site here.

And, since we do not release specific information on HOW the security issues were patched, nor specific information on what the actual patch was designed to fix - they would have to go line by line to determine that they are actually up to date on their version.   Additionally, by using their own subs.php, it means that the forum through tapatalk will have issues with any mods that edit subs.php.

Finally, we *KNOW* there have been issues reported with Tapatalk ignoring the registration settings in the admin (e.g. allowing spammers to register directly and bypass any anti-spam methods that the admin has installed).
I have also seen at least one complaint where a user was able to (for all intents) log in as another user in the cache.

Incidentally, most of the "vulnerabilities" reported on SMF require admin access in the first place. We haven't patched some of those because the admin already has access to do ANYTHING by use of the package manager and theme manager.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."
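
Added example, not part of the thread and not SMF or Tapatalk code: one way an admin could check whether a separately shipped copy of a functions file has drifted from the upstream file it was forked from, function by function. The two PHP snippets and their function names are constructed for illustration, and the check assumes a procedural file made of top-level functions.

```python
import hashlib
import re

# Matches a top-level PHP function declaration and captures its name.
FUNC_RE = re.compile(r"^\s*function\s+&?\s*([A-Za-z_]\w*)\s*\(", re.MULTILINE)

def function_digests(php_source):
    """Map each function name to a hash of its whitespace-normalised text.

    A function's text runs from its declaration to the next declaration,
    so a comment placed between two functions counts toward the first one.
    """
    matches = list(FUNC_RE.finditer(php_source))
    digests = {}
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(php_source)
        chunk = " ".join(php_source[m.start():end].split())
        digests[m.group(1)] = hashlib.sha256(chunk.encode()).hexdigest()
    return digests

def drift_report(upstream_src, vendored_src):
    """List functions that differ, are missing from, or exist only in the copy."""
    up, ven = function_digests(upstream_src), function_digests(vendored_src)
    return {
        "differs": sorted(n for n in up.keys() & ven.keys() if up[n] != ven[n]),
        "missing_in_vendored": sorted(up.keys() - ven.keys()),
        "only_in_vendored": sorted(ven.keys() - up.keys()),
    }

# Constructed sample: "upstream" after a patch hardened clean_title().
UPSTREAM = """<?php
function clean_title($t)
{
    return htmlspecialchars(trim($t), ENT_QUOTES);
}

function format_size($n)
{
    return round($n / 1024, 1) . ' KB';
}

function is_reserved($name)
{
    return in_array(strtolower($name), array('admin', 'root'));
}
"""

# Constructed sample: a forked copy that never received the patch.
VENDORED = """<?php
function clean_title($t)
{
    return trim($t);
}

function format_size($n) {
    return round($n / 1024, 1) . ' KB';
}

function app_hook($x)
{
    return $x;
}
"""

if __name__ == "__main__":
    for kind, names in drift_report(UPSTREAM, VENDORED).items():
        print(f"{kind}: {', '.join(names) or '-'}")
```

A function listed under "differs" is only a pointer for manual review: the report cannot tell a missed security patch from an intentional change in the fork.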
