Andr3as

Reputation Activity

  1. Like
    Andr3as reacted to Matt for a blog entry, 4.5: Simple Stock Photo Picker   
    We have come a long way since the late 90s when someone had the genius idea of using a small yellow smiling face image instead of the more common colon-bracket representation of a smiling face.
    In Invision Community, there are various places that photography can be used to create visual interest. From uploads in topics, to cover photos for blogs and members.
    The humble upload field has served these areas well, but sourcing images to use can be a pain; especially when you have to walk the minefield that is copyright and attribution.
    Fortunately, there are a few "CC0" online stock photo libraries that offer quality photography that requires no attribution and are not hampered by copyrights.
    One such library is the ever-popular Pixabay, which was established in 2012 and features a very powerful API. Pixabay has over a million images ready to use from llamas to sausages and everything in-between.
    Invision Community 4.5 now includes support for Pixabay which brings those images to your fingertips (or mouse pointer if you're on a desktop.)

    This video shows the feature in use.
    As you can see, not only can you upload into posts from the stock photo library, but you can also use it to add a cover image to your profile and blog entries.
    Finding quality photography has never been so easy!
    For those that love technical details, the stock photo picker is a programmatic option on the upload form field type making it very easy to add to your own code and apps.
    How will you use this new feature? Let me know!
  2. Like
    Andr3as reacted to Matt for a blog entry, 4.5: Security Enhancements   
    Although we continuously review security within Invision Community, a major release such as 4.5 allows us to be especially proactive when it comes to keeping your community safe.
    This blog entry outlines several enhancements to improve security in Invision Community 4.5.
    Password Handling
    Keeping your members' passwords secure is the simplest way to keep accounts safe and out of the wrong hands, so it makes sense to look at ways to ensure this doesn't happen.
    Invision Community already uses strong one-way hashing when storing passwords, which means that once the password is stored in the database, there is no way to know the plain text version.
    However, when creating a new member account via the AdminCP, a random password was created, and this was sent in the welcome email to the new member's email address.
    As of Invision Community 4.5, this no longer happens, and the new member is invited to create a new password when visiting the community for the first time.

    Part of your internal security procedures might be to force a reset of all passwords periodically. Invision Community 4.5 allows this on a per-member basis, or via a selection of filters to enforce a reset for many members at once.

    This clears out any stored password hashes and emails the affected members to remind them to set up a new password.

    AdminCP Security
    The Admin Control Panel contains the most powerful tools available to Invision Community. This is already a very secure area with a separate login with an option to add two-factor authentication to the login flow.
    Part of the session authentication has been a special key in the URL. While we have protection in place to prevent this special key being discoverable by a malicious user, there remains an incredibly remote theoretical chance that this could happen with a series of complicated steps. There was an additional annoyance that you are unable to share links within the AdminCP to members of your team due to the increased protection to keep URLs safe.
    As of Invision Community 4.5, we have removed the special key from the URL and moved it elsewhere in the session authentication flow. This means that it's impossible to fetch the special key via the URL and links can now be shared and will survive a login action.
    Text Encryption
    There are a few areas within Invision Community where we use text encryption to allow us to save data in the database in a format that is encrypted when saved and decrypted when read. This protects you in the incredibly remote event of your own hosting being compromised and your database downloaded (of course, our Community in the Cloud customers do not need to worry about this!)
    Invision Community 4.5 improves on this encryption by using PHP's built-in methods which give "bank-level" security to our encryption.
    Security is critical to the success of your community, and we are always proactive in improving security throughout Invision Community.
    Do you have any comments on this entry? Let us know below!