Ask Slashdot: What Is the Best Way To Add Forums To a Website? 259
First time accepted submitter DustyMurray writes "I am considering adding forums to my website, and am just getting confused by all the options. My first reaction is always DIY. You get better website integration, and it looks and feels 100% how you want it to look and feel. However looking at things like phpBB and Vanilla forums, I will be hard pressed to build a better user experience in a reasonable amount of time. Also these out-of-the-box solutions seem to be shouting 'Easy to integrate with your website.' So, considering this, how easy are these ready build forums really to integrate? I want to be able to insert stuff on certain pages, so it's not either the forums, or my site... It must be a mix. I do not want a second login system on my site. And last but not least, I definitely don't want to have this typical generic look that most forums sport. Can all that be delivered with the out-of-the-box forums that exist today? Which one is the most flexible regarding these wishes?"
Re:vBulletin (Score:2, Insightful)
Be Careful (Score:2, Insightful)
Begging the question (Score:3, Insightful)
Should you add a forum to a web site? Are you ready to moderate it, defend it against spammers and irate users, manage lost passwords and deal with intellectual property disputes? A forum doesn't sleep, a forum doesn't go on holiday.
Depends (Score:4, Insightful)
There are multiple very good forum software projects, and I have no clear preference. phpBB and SMF are good standalone solutions; Drupal is powerful if you're looking to have much more than a forum. LAMP (as in PHP/MySQL) is by far the most popular technology. Ruby and Python might be more stylish, but most of the PHP software has had years of continual improvement. Best get several of them (Wikipedia has a complete list) and try them out locally for comparison.
Only two things I'd recommend against:
- First, on absolutely no account try to write your own from scratch. The best projects now available have been in development for almost ten years (more in some cases). This is an extremely complex application with many pitfalls in design, database architecture, extendability, and security. If you were the best programmer in the world, it would take you months of constant testing and bugfixing before you had anything approaching stability; and you'd spend the coming years finding security holes and fixing design mistakes.
- Second, avoid commercial solutions if possible. They're not usually better. Also, you should factor in not just the purchase price but the continual costs of upgrades and user-contributed addons. One good commercial board I've worked with is IPB, but that's only in recent versions after years of development - and I still prefer phpBB.
Re:vBulletin (Score:4, Insightful)
The downside is it will be constantly full of porn+Viagra+poker spam.
The spammers have got their scripts for attacking all the popular bulletin boards down to a fine art...
Comment removed (Score:4, Insightful)
Re:Can't believe this got through submission queue (Score:3, Insightful)
You're a dick. We should ban people from posting LMGTFY links on Slashdot just like we did on stackoverflow.
Interesting joelonsoftware article on this... (Score:3, Insightful)
Re:Take all the recommendations you get here ... (Score:4, Insightful)
1) You seem to know nothing about Java and JVM security. It is immaterial what language you are using on the server-side, Java is no more or less secure than any other.
2) What difference does it make what the market share of a piece of software is. It is either SECURE or NOT SECURE. If it is not secure then it doesn't matter if one person uses it or 3 million, it is still not secure.
When evaluating the security of a web application there are many considerations (I've actually taught web app security courses and done all this stuff). You should certainly look at how many advisories there are on a given product. You should also see when these happened, how they were resolved, etc. It may be better to use an application that has had numerous issues that have been promptly fixed for instance. How easy are updates to roll out? How soon do fixes come out? Can you review the source code to look for good coding practices and engineering? As for SQL does the product EVER use anything but bind params? If it does construct dynamic SQL that's a red flag, but it MAY be OK if ALL input parameters are carefully cleaned (bonus points of something like perl's taint mode is in use). Ideally you'd also want to run a full security scan against your test install with a good fuzzer and see what happens. If you can easily shake out bugs yourself then that's a red flag too.
In other words you really can't sort out the security of an application by any simple formula, and certainly you need to use the right considerations. Anyone interested in getting more detailed advice would do well to start with something like OWASP https://www.owasp.org/index.php/Main_Page [owasp.org]
Re:Take all the recommendations you get here ... (Score:4, Insightful)
Yes, because changing your entire back-end architecture is a more logical move than escaping your strings or using parameterized queries or any of the other tools that can not only eliminate SQL injection vulnerabilities, but often make the code easier to write and read.
Re:vBulletin (Score:5, Insightful)
Glad I never tried to sign up there. I am no idiot, and I like anime, but even if I *could* figure such a thing out, I can't imagine I would take the time and effort to do so. I might run a few google searches, but I have doubts that that would be enough to find it.
Re:vBulletin (Score:4, Insightful)
What about accessibility? Are you blocking those who have vision problems? :(