Useful Information about PHP-Nuke PHP-Nuke Security Because PHP-Nuke is so popular, it is a frequently attacked target of those, looking for security flaws. Also, since it contains a port of phpBB2, it also has to deal with the security issues of that piece of software as well. It is important to note that many of the security risks involved may be blocked by following a few key guides: - Never use the default table prefix, change it to something unique and do not publish it,
- Disable PHP's register_globals setting,
- Disable the ability to display_errors.
- Do not use versions that include the TinyMCE WYSIWYG Editor. Many security features had to be removed from PHP-Nuke in order for this editor to work.
In a production environment, the above will keep critical information from leaking. Since many SQL injection attacks make use of default table names, changing the prefix is a good idea - one not much discussed. NB: These recommendations are not applicable only for PHP-Nuke. Executing them for any PHP based content management system is suggested. PHP-Nuke Forks The PHP-Nuke project has been forked many times by different people, for different reasons. The most popular of these are: - Postnuke - based on PHP-Nuke 5.0
- Dragonfly CMS/CPG-Nuke - based on PHP-Nuke 6.5 with Coppermine Photo Gallery included
- Nuke-Evolution - Based on PHP-Nuke with many security fixes, custom modifications, and PHP-Nuke modifications pre-installed (Available in Basic, Advanced, Clan, & Business Versions)
- eNvolution - based on Postnuke
- myPHPNuke - based on PHP-Nuke 4.4.1a
- NPDS - based on PHP-Nuke 4.3
- openPHPnuke - based on myPHPNuke
- phpWebSite - project managed by the Web Technology Group at Appalachian State University
- XOOPS - based on PHP-Nuke and myPHPNuke
- Xaraya - based on Postnuke
- UNITED-NUKE - based on and fully compatible with PHP-Nuke (new features are ported continuously)
- Platinum PHP-Nuke
- Zentri
These forks, and others, have all had their own ideas regarding several aspects of the system, and thus do many things in different ways in an attempt to produce a better product. Nevertheless, most, if not all of these systems can be used to produce a community portal similar to that which can be built using PHP-Nuke, although it is possible that these systems are better at doing some things than PHP-Nuke (and vice-versa). PHP-Nuke Resources |