tranceandy

Maybe it has! Bad Wolfie, Bad

Working on the other groups, but should be fixed (to 20) for Active customers group.

1) You *could* create your database user with limited permissions (I don't know the maximum required off hand)... however, if someone gets hold of your SQL username and password (or otherwise finds a way to execute arbitrary SQL commands), I think it's safe to say you're pretty screwed even with those permissions. Amongst what you list is DELETE and DROP - that's everything that's needed to destroy a database.
That one sounds just like a way to make people feel more secure.

2) That won't prevent injection threats. I believe the thinking is if someone has found an injection vulnerability, it will limit the damage they can do, but, as I said before, if someone has found a way to execute arbitrary SQL commands - it's kind of beyond the point of help. All they need to do is run "SHOW TABLES;" and they'll see a list of your tables, thus showing your prefix.

3) Not totally sure what those keys are for...

4) Yes, a secure password is always good :)

5) All those are good ideas, and there are features in IPB for doing them.

6) The option is in 3.0, although, for many people, it's probably not worth the expense ;)

7) I agree with Wolfie, that just seems annoying to me: "Hey, you just signed in to the ACP!"

IP.Subscriptions 1.0.0 Beta 1 :)

What I would like to see is permission masks for the Admin CP, so you can have easily have different settings for different groups of admin :)

How about adding the green icon for active users, newest member, and birthdays? :)

You mean like I'm trying to do with the secondary groups? That would be nice. Doubt it'll make it into the 3.0.x series. But definitely for that if it will allow me to set a group to Admin (but very limited access) and then grant them permissions based on the masks I apply to them.

Could even have some pre-defined masks (to get you started), such as member editing, forum editing, emoticon/bbcode and skin/language.

I was reading the Wordpress Whitepaper v1.2 at BlogSecurity.net and read some useful tips to making Wordpress more secure. My question is could/would any of these recomendations make IPB more secure? I have also included what I know about already :D

For example:


[*]They mention when creating the database user to only give GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP permissions. Is this the same for IPB?[*]With regards to the sql tbl prefix:


$INFO['sql_tbl_prefix'] = ''; Is this safe to have blank, just something like ibf_, ipb_ etc or would it be better as they suggest to have something more random i.e 95MkN8 to prevent database injection threats?[*]They also have the ability for generating secret keys at which creates something like this for Wordpress.

https://api.wordpress.org/secret-key/1.1/
define('AUTH_KEY', 'l4Zyc=XP3D4C1b`#k~Zj1TYh,dT/C/:9+{wx,ZhVXI]8!O7VIXDjs]iPhpPx[zmp'); define('SECURE_AUTH_KEY', ')EU[Nf`FRl9mYvh4Xzc.h:2DI`Jv-v!5l27d=]Ks1K$f{}3z/|a:o-d2pedu.Dyq'); define('LOGGED_IN_KEY', 'Z/=ujR`e^1fuGnb[4} 4FP!ASkozQ~>(!~Xbd@4coz-Kp ,07%|O;_xSWw`p13&m'); define('NONCE_KEY', ' g-y+$I&WBL?nD4.;Xw<f:x|*36FDEn9<)D<6EFO~vE_BlN6Uta?F2Y_`(]dQD-L');





I think IPB has something like this from what I remember but wasn't too sure so thought I would mention it [*]Creating a very secure password for the Admin CP, FTP, MySQL etc goes without saying but how many people actually do? I generate a 16 alphanumeric password with special characters included.[*]Restrict access to the Admin CP by:
Renaming the folder and changing the new name in the initdata.php file i.e

define( 'CP_DIRECTORY', 'XP3D4C1b' );
CHMODing the directory to 501 as suggested:


Restricting access by requesting a password using .htpasswd and .htaccessRestricting access to it by entering static IP addresses of those admins who have permission to it.

What do you think of these ideas? Please give your feedback as I am sure it will benefit many IPB owners and administrators :D

I just noticed this. It would be stellar if it was similar to the Tracker, where updating the status was a new post and you could comment on the update.

While the report center shows the user who last updated the status of the report in the report list view, it doesn't show who the last person to post in the report thread is, nor is there any notification of new replies.

The system's a good idea, but it would be really nice if it behaved more like a forum.

My users have suggested that the search system have the ability to sort by, or at least display, the rating of the topic or threads returned by the search.
Ditto for the reputation and rating of the users returned in a member search.

I was reading the Wordpress Whitepaper v1.2 at BlogSecurity.net and read some useful tips to making Wordpress more secure. My question is could/would any of these recomendations make IPB more secure? I have also included what I know about already :D

For example:


[*]They mention when creating the database user to only give GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP permissions. Is this the same for IPB?[*]With regards to the sql tbl prefix:


$INFO['sql_tbl_prefix'] = ''; Is this safe to have blank, just something like ibf_, ipb_ etc or would it be better as they suggest to have something more random i.e 95MkN8 to prevent database injection threats?[*]They also have the ability for generating secret keys at which creates something like this for Wordpress.

https://api.wordpress.org/secret-key/1.1/
define('AUTH_KEY', 'l4Zyc=XP3D4C1b`#k~Zj1TYh,dT/C/:9+{wx,ZhVXI]8!O7VIXDjs]iPhpPx[zmp'); define('SECURE_AUTH_KEY', ')EU[Nf`FRl9mYvh4Xzc.h:2DI`Jv-v!5l27d=]Ks1K$f{}3z/|a:o-d2pedu.Dyq'); define('LOGGED_IN_KEY', 'Z/=ujR`e^1fuGnb[4} 4FP!ASkozQ~>(!~Xbd@4coz-Kp ,07%|O;_xSWw`p13&m'); define('NONCE_KEY', ' g-y+$I&WBL?nD4.;Xw<f:x|*36FDEn9<)D<6EFO~vE_BlN6Uta?F2Y_`(]dQD-L');





I think IPB has something like this from what I remember but wasn't too sure so thought I would mention it [*]Creating a very secure password for the Admin CP, FTP, MySQL etc goes without saying but how many people actually do? I generate a 16 alphanumeric password with special characters included.[*]Restrict access to the Admin CP by:
Renaming the folder and changing the new name in the initdata.php file i.e

define( 'CP_DIRECTORY', 'XP3D4C1b' );
CHMODing the directory to 501 as suggested:


Restricting access by requesting a password using .htpasswd and .htaccessRestricting access to it by entering static IP addresses of those admins who have permission to it.

What do you think of these ideas? Please give your feedback as I am sure it will benefit many IPB owners and administrators :D

I was reading the Wordpress Whitepaper v1.2 at BlogSecurity.net and read some useful tips to making Wordpress more secure. My question is could/would any of these recomendations make IPB more secure? I have also included what I know about already :D

For example:


[*]They mention when creating the database user to only give GRANT SELECT,INSERT,UPDATE,DELETE,CREATE,DROP permissions. Is this the same for IPB?[*]With regards to the sql tbl prefix:


$INFO['sql_tbl_prefix'] = ''; Is this safe to have blank, just something like ibf_, ipb_ etc or would it be better as they suggest to have something more random i.e 95MkN8 to prevent database injection threats?[*]They also have the ability for generating secret keys at which creates something like this for Wordpress.

https://api.wordpress.org/secret-key/1.1/
define('AUTH_KEY', 'l4Zyc=XP3D4C1b`#k~Zj1TYh,dT/C/:9+{wx,ZhVXI]8!O7VIXDjs]iPhpPx[zmp'); define('SECURE_AUTH_KEY', ')EU[Nf`FRl9mYvh4Xzc.h:2DI`Jv-v!5l27d=]Ks1K$f{}3z/|a:o-d2pedu.Dyq'); define('LOGGED_IN_KEY', 'Z/=ujR`e^1fuGnb[4} 4FP!ASkozQ~>(!~Xbd@4coz-Kp ,07%|O;_xSWw`p13&m'); define('NONCE_KEY', ' g-y+$I&WBL?nD4.;Xw<f:x|*36FDEn9<)D<6EFO~vE_BlN6Uta?F2Y_`(]dQD-L');





I think IPB has something like this from what I remember but wasn't too sure so thought I would mention it [*]Creating a very secure password for the Admin CP, FTP, MySQL etc goes without saying but how many people actually do? I generate a 16 alphanumeric password with special characters included.[*]Restrict access to the Admin CP by:
Renaming the folder and changing the new name in the initdata.php file i.e

define( 'CP_DIRECTORY', 'XP3D4C1b' );
CHMODing the directory to 501 as suggested:


Restricting access by requesting a password using .htpasswd and .htaccessRestricting access to it by entering static IP addresses of those admins who have permission to it.

What do you think of these ideas? Please give your feedback as I am sure it will benefit many IPB owners and administrators :D

I've been a customer of IPB since 2004. Next month will be our 5 year anniversary. We have a large board/gallery/blog and use Parachat, as well. Throughout the five years, we have consistently received outstanding support from IPB. At this point, I can not imagine trying to run my business without them. Getting the supported solution (we have our own IPB supported server) was one of the smartest business decisions I made.

Example: We were having issues with our database off and on during the past few weeks. Despite all of the upgrade madness going on at the moment, the guys (especially Jason and Blake) kept at the issue until they found what was behind the crazy symptoms. Of course, they fixed it. They listen to my feedback about what is going on and use that as a starting point to dig into the problem.

As a note to new customers: During this extremely busy time, I would highly recommend that if you find it is necessary to put in an emergency ticket requiring immediate attention(such as having database errors which essentially take you offline, having errors that can't be worked around while you are in the pile, or if you have your board disappear from the planet), it can help things move along a little better if you put in the ticket AND call the support phone number and explain what's going on. IPB will then pull your ticket out of that massive pile of upgrade requests and issues they are currently wading through and get to work on it. (Normally, this is not necessary.)

Of course, it is best to only tell them that you have an emergency if you actually have an emergency.

As another note: I've never seen them as busy as they have been during this 3.0 upgrade. Typically, my support tickets are turned around immediately. I've always been so happy and now my members consider them part of our team. All I have to do is tell them that I've put in a ticket with support and they begin congratulating me for having such a great team... as if I was personally taking care of it for them. Nice.

So don't worry... the turn-around time will go back to normal once it is over. I'm not worried at all.

After this last round of fixes, I felt that it was time to publicly tell the entire IPB support team, "NICE JOB!"

Rozanne Paxman - CEO
ScrapGirls.com

I run a Colostomy support message board where patients help each other with support and advice of dealing with a colostomy, be it for a few weeks temporarily, of permanently due to cancer etc. My board also has a pretty large off topic posting community contained within it.

I would very much like to be able to disable post reputation in the off-topic forums, so that reputation is based on supportive posts to users needing support in our ostomy-support forums, rather than from posting cute pics of the dog with a toy in the off topic forums.

So, that's my suggestion for a future build of IP Board. It would really make my community better. I did ask in peer to peer if this was possible with current settings etc, and was told it was worthwhile posting a request in here. :)

Another possible feature, which would be useful in cases of the reputation system being abused is a setting that lets ONLY the Original Poster being able to vote as to which replies/posts have been useful to them.

Many thanks for reading this. I hope those ideas are useful to you. :)

Best wishes to all,

Jason Dale.
West Yorkshire, UK.

You'd have to ask the community resources team for that - that's not something with ipb (and IPB does make it possible)

That would be a suggestion for IP.Tracker, IP.Board has the functionality built in to it to allow this already, apps (like IP.Tracker) just need to tie into that.

Speaking of modules...

Would REALLY love it if we could pick and choose exactly where each application will appear. Not only on the tab bar, but also have a secondary (if wanted or needed) tab bar. I like to try to have my tabs alphabetical (after the first 3 main tabs), but can't do it because of how it's mixed-sorted.

Also be nice if an option could be chosen that would put all the add-ons into drop down menus. Allow me to create a drop down menu of "Featured Add-Ons" where I might include IPS extras, then another tab where I might include 3rd party add-ons such as shoutbox, tracker, etc.

Just done a search for Tracker in this topic but nothing found...

So I would like to suggest that the View New Content link shows new Tracker posts too aswell as Help Files, Forums, Members, Blogs, Calendar and Gallery :)

The bulk of the IPB3 documentation is now delivered inline in the ACP - click the 'Get Help With This Page' button on any page to load it :) We'll be adding to what's available over time.

Thank you Andy.
I am considering to renew the support so that I can access the resources website.

Btw, what is peer-to-peer tech. support?
Is that mean active customers supporting active customers?

No problem Ballet and as Rikki reminded me documentation is in the Admin CP :)

Yes the peer-to-peer tech. support is active customers supporting active customers :D

Documentation hasn't been released yet and is still being worked on from the last I read. You may find the resources website useful until then or ask in the Peer-to-Peer Technical Support forum :D

Sorry Rikki, I should have remembered that

Then middle-click. :)