1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How secure is XenForo?

Discussion in 'XenForo Pre-Sales Questions' started by davidwest, Jul 7, 2012.

  1. davidwest

    davidwest New Member

    I would like to know how good the security of XenForo is. Are there any known security issues for XenForo? Or were there any in the past? I tried to search for exploits on many exploits database sites, but I could not find even one exploit for XenForo. Does this mean XenForo is the most secure forum software at the moment? Would you say XenForo is more secure than phpBB3 or IPB3 for example? Is the reason why there are no exploits available because XenForo is so new and not so much used, or because XenForo was coded with the main aim to be the most secure forum software? Is JavaScript and Ajax not vulnerable for hacking attacks?

    Sorry for all this questions, hope someone can answer some of it.

    Thanks in advance.
  2. ManagerJosh

    ManagerJosh Well-Known Member

    There are presently no known security issues with XenForo. Furthermore, security architecture was built into the XenForo core itself. No doubt only time will tell how well the security architecture was designed, however you're welcome to always run security checks against XenForo itself and contribute security findings.

    I think you will find it is one of the more secure web applications out there.

    Permission can be found at: http://xenforo.com/community/threads/script-alert-hello-script.1469/#post-19706
    Drae likes this.
  3. Cal

    Cal Well-Known Member

    Pretty secure. It's only needed one security patch for quite awhile now and that was to fix a third party problem, not anything to do with core files. I would say that assumption is pretty accurate - all things can be hacked - but Xenforo is probably the safest option forum wise out today.
  4. davidwest

    davidwest New Member

    I don't understand. What do you mean with this statement? What is the difference to other forum software? Where do other forum software developers "built the security in" ?

    I would like to see some more answers on this topic. Or do I need a paid account to get more answers?
  5. Disrelation

    Disrelation Active Member

    In other words, XenForo was built with security in mind. Regardless, XenForo is more than likely one of the most secure forum solutions available.
  6. ManagerJosh

    ManagerJosh Well-Known Member

    Per Wikipedia: http://en.wikipedia.org/wiki/Computer_security#Security_architecture

    Security Architecture can be defined as the design artifacts that describe how the security controls (security countermeasures) are positioned, and how they relate to the overall information technology architecture. These controls serve the purpose to maintain the system's quality attributes, among them confidentiality, integrity, availability, accountability and assurance.

    Basically, security was designed from the ground up and from the beginning of development. Some older applications may not have had security built in from the ground up and added as an enhancement.

    The difference is that when you add it later on is that it's not as embedded and integrated as if it was from the beginning.

    Think of it as a car unibody frame. After the car is finished, you can try to strengthen the frame, but it would not be as lightweight and strong as if it was designed from the get go with the right material.

Share This Page