Discussion in 'Off Topic' started by slackaz, Apr 24, 2016.
Are there a lot of security concerns with the product?
Not that I am aware of. Xenforo is known to be a stable and secure software.
None, no recent security issues at all.
Also, what is the max member count one can have?
You can have a infinite amount of members.
Not if you don't give a lot of people access to your ACP, specially those people who use the same password on many other sites.
Code-wise XenForo is very secure. It follows lots of best practices like parameterized queries, sanitized inputs, default escaping of outputs, CSRF tokens, bcrypted passwords, etc.
XenForo has a good security record with few exploits. In fact, exploits are often not part of XenForo itself but rather part of third party code which XenForo uses (eg SWFupload). And exploits are always patched very quickly.
I have a lot of experience dealing with hacked forums and I rarely see a case involving XenForo. Of the cases I have seen, the attack vector has always been something outside of XenForo like a hacked server or some other script on the site.
I'll echo what @Jake Bunce wrote. I had an opportunity to talk to Kier and Mike when they were in Los Angeles briefly, and they shared with me what their decisions on how they did things, and their approaches.
Being in the front lines day in and day out for security, XenForo is probably one of the very few applications I am willing to run without a WAF.
Separate names with a comma.