[jeremycs]

Quote:

Originally Posted by AdmiralSpock

We don't allow users to post using the [media] tags. It's just admins, mods, and other staff. I'm not that stupid.

Depending on the forum audience, it should be fine to allow the media tags.

As long as they are mature enough to know that it's possible that they will likely see something they might wish they hadn't once in awhile. :P

But it's allowing .swf (and other macromedia flash type) files to be played that is the problem. A person could easily create a flash file that would automatically redirect the browser upon loading. They could redirect it to a page that looks just like your forum login screen, steal the password & log the user user back in as if nothing happened.

The files from places like youtube, google video, etc when played through their respective players are flash & could pose the exact same problem.... but I seriously doubt that google or youtube will attempt to do anything malicious to your forum.

Quote:

Originally Posted by AdmiralSpock

And if you would have taken the time to look at the first post, Crist states that he does not know if he will update the hack or not. If I knew PHP I would do it in a heartbeat. Perhaps someone else will update the hack, I don't know. Que sera, sera.

I don't need to look at the first post to know that authors of any of these free hacks are subject to disappear at any time. How's that for stability? :P

I understand what you're saying, but every time you click "INSTALL" you have to understand that you are taking and accepting a large number of risks.

If you're really worried about it, then don't install what you (or your programmers) can't audit & maintain.


The only thing that is really guaranteed is the base Vbulletin code.... and they do a pretty fine job

But you pay annually for updates to Vbulletin.

If you didn't, you could be sure that the Vbulletin wouldn't have anywhere near as many updates and timely fixes.