
Archive for February, 2009

Talkin bout Area51

Posted by battye in Development on February 25th, 2009

No! I’m not talking about military bases or U.S. conspiracy theories, but rather phpBB’s very own Area51 – http://area51.phpbb.com

Area51 is phpBB’s official testing ground, and as stated on the site it is the home of “bleeding edge developmental code”. The site was established in 2001 as the brainchild of psoTFX, the former leader of the development team, so that the team would have a live installation of phpBB they could test in a real-life situation. With the main phpBB.com forum obviously out of the question, Area51.phpbb.com lets the developers see how the latest code holds up with many concurrent users online, without fear of annoying users if certain features aren’t working (which I will touch on in a minute).

Area51 boasts the unique feat of hardly changing at all and always changing at the same time.


Tutorial: Injection Vulnerability Prevention

Posted by TerraFrost in Development, Modifications on February 12th, 2009


Notice
Some websites have claimed this article discloses an “injection vulnerability” in phpBB. It does not. What this post actually does is provide an overview of vulnerabilities commonly introduced by third-party modifications to phpBB and discusses what the authors of said modifications need to do to protect their code against attack.

Despite being among the easiest vulnerabilities to understand, injection vulnerabilities are also among the most common. For most users, an injection flaw will simply show up as an error when certain characters are used, but a sufficiently adept user may be able to take that error and exploit it to their advantage.

To prevent this from happening, one needs to properly sanitize all user-definable variables. Unfortunately, the way one properly sanitizes a variable depends on where it’s being used. In this post, we’ll discuss how to sanitize variables for use in SQL queries and in HTML, both in general and in phpBB3, and we’ll discuss what can happen if proper sanitization isn’t used.
