Thread: PostgreSQL with Phorum
For those that do not know what Phorum is, it is a message board written in PHP that uses a database. sure there are lots, but Phorum was the first. It was also the first to support PostgreSQL way back when. Anyhow, to this point, Phorum has simply worked with PostgreSQL. I want to make it as good (or better) as it does with MySQL. I am a MySQL developer. That is what I do for a living. I know the arguments. Please don't turn this into a MySQL/PostgreSQL thing. The thing is I don't know squat about the powerful parts of PostgreSQL. I am currently working on Phorum version 5. This version features a completely abstracted database layer. Not just abstracted function calls like PEAR of PHPLIB. All SQL and function calls are contained in a set of functions that the other Phorum files call. This means that each database system can be utilized to the fullest to make it work as best it can on that system. Now, I can make PostgreSQL work. But, I was hoping to get a REAL PostgreSQL developer to help me out on this. Perhaps there is someone who has used or seen Phorum. I know people are using it with PostgreSQL. Thanks, Brian Moon Phorum Dev Team
Hi Brian, This sounds interesting. If you want to really learn to get the most out of PostgreSQL, you're probably best to join the PostgreSQL "Hackers" mailing list. If you've learnt not to deliberately leave backdoors in your code so you can walk into sites', as you used to do with Phorum's code, then you might find some people here willing to help. Just checked the Phorum website and noticed you've removed the original advisories, from a few years ago. Hmmmmm.... don't be surprised if people here watch you *very carefully*, due to your prior history of having abused people who placed trust in you. Justin Clift Brian Moon wrote: > > For those that do not know what Phorum is, it is a message board written in > PHP that uses a database. sure there are lots, but Phorum was the first. > It was also the first to support PostgreSQL way back when. > > Anyhow, to this point, Phorum has simply worked with PostgreSQL. I want to > make it as good (or better) as it does with MySQL. I am a MySQL developer. > That is what I do for a living. I know the arguments. Please don't turn > this into a MySQL/PostgreSQL thing. > > The thing is I don't know squat about the powerful parts of PostgreSQL. I > am currently working on Phorum version 5. This version features a > completely abstracted database layer. Not just abstracted function calls > like PEAR of PHPLIB. All SQL and function calls are contained in a set of > functions that the other Phorum files call. This means that each database > system can be utilized to the fullest to make it work as best it can on that > system. > > Now, I can make PostgreSQL work. But, I was hoping to get a REAL PostgreSQL > developer to help me out on this. Perhaps there is someone who has used or > seen Phorum. I know people are using it with PostgreSQL. > > Thanks, > > Brian Moon > Phorum Dev Team > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to majordomo@postgresql.org) -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
I don't have much time, but I'm happy to look at schemas and index optimisation for you, etc. Has Phorum removed its silly requirement of creating two whole entire tables per forum yet? Chris ----- Original Message ----- From: "Brian Moon" <brian-pgsql@phorum.org> To: <pgsql-general@postgresql.org>; <pgsql-php@postgresql.org> Sent: Sunday, August 18, 2002 11:14 AM Subject: [PHP] PostgreSQL with Phorum > For those that do not know what Phorum is, it is a message board written in > PHP that uses a database. sure there are lots, but Phorum was the first. > It was also the first to support PostgreSQL way back when. > > Anyhow, to this point, Phorum has simply worked with PostgreSQL. I want to > make it as good (or better) as it does with MySQL. I am a MySQL developer. > That is what I do for a living. I know the arguments. Please don't turn > this into a MySQL/PostgreSQL thing. > > The thing is I don't know squat about the powerful parts of PostgreSQL. I > am currently working on Phorum version 5. This version features a > completely abstracted database layer. Not just abstracted function calls > like PEAR of PHPLIB. All SQL and function calls are contained in a set of > functions that the other Phorum files call. This means that each database > system can be utilized to the fullest to make it work as best it can on that > system. > > Now, I can make PostgreSQL work. But, I was hoping to get a REAL PostgreSQL > developer to help me out on this. Perhaps there is someone who has used or > seen Phorum. I know people are using it with PostgreSQL. > > Thanks, > > Brian Moon > Phorum Dev Team > > > ---------------------------(end of broadcast)--------------------------- > TIP 3: if posting/reading through Usenet, please send an appropriate > subscribe-nomail command to majordomo@postgresql.org so that your > message can get through to the mailing list cleanly >
| Hi Brian, | | This sounds interesting. If you want to really learn to get the most | out of PostgreSQL, you're probably best to join the PostgreSQL "Hackers" | mailing list. Is this an unsupported mailing list? I don't see it on the PostgreSQL web site. | If you've learnt not to deliberately leave backdoors in your code so you | can walk into sites', as you used to do with Phorum's code, then you | might find some people here willing to help. Well, it was never deliberate. We did have some issues recently that would allow code to be run on the server, however, if one followed the installation instructions and followed what we recommended to secure your files, there was no danger to you. We also got a fix out within a day of finding out about it. That said, we didn't follow our own advice and got hacked. | Just checked the Phorum website and noticed you've removed the original | advisories, from a few years ago. | | Hmmmmm.... don't be surprised if people here watch you *very carefully*, | due to your prior history of having abused people who placed trust in | you. Are you speaking of personal experience? Not sure what you are talking about from a few years ago. Phorum is only 3.5 years old. We did have some things late 2000. Those were addressed and fixed. Software has bugs both big and little. Thanks, Brian. Phorum Dev Team
Hi Brian, Brian Moon wrote: > > | Hi Brian, > | > | This sounds interesting. If you want to really learn to get the most > | out of PostgreSQL, you're probably best to join the PostgreSQL "Hackers" > | mailing list. > > Is this an unsupported mailing list? I don't see it on the PostgreSQL web > site. http://developer.postgresql.org/maillist.php This is a PostgreSQL 'development' mailing list, so generally the most experienced PostgreSQL coders hang out here. If you have the time to watch what goes on and stuff, you'll gain a lot of PostgreSQL understanding. > | If you've learnt not to deliberately leave backdoors in your code so you > | can walk into sites', as you used to do with Phorum's code, then you > | might find some people here willing to help. > > Well, it was never deliberate. We did have some issues recently that would > allow code to be run on the server, however, if one followed the > installation instructions and followed what we recommended to secure your > files, there was no danger to you. We also got a fix out within a day of > finding out about it. That said, we didn't follow our own advice and got > hacked. No, I was referring to the 'boogieman' backdoor you left in Phorum, which Jfs then found a few years ago. The one which you then tried to suppress all of your users from finding out about, until someone pasted info about it all over the Phorum forums thereby forcing you to come clean and remove the backdoor from your code. > | Just checked the Phorum website and noticed you've removed the original > | advisories, from a few years ago. > | > | Hmmmmm.... don't be surprised if people here watch you *very carefully*, > | due to your prior history of having abused people who placed trust in > | you. > > Are you speaking of personal experience? Not sure what you are talking > about from a few years ago. Phorum is only 3.5 years old. We did have some > things late 2000. Those were addressed and fixed. Software has bugs both > big and little. http://www.cgisecurity.com/archive/php/phorum.txt > Thanks, You're welcome. Justin > Brian. > Phorum Dev Team -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
| No, I was referring to the 'boogieman' backdoor you left in Phorum, | which Jfs then found a few years ago. The one which you then tried to | suppress all of your users from finding out about, until someone pasted | info about it all over the Phorum forums thereby forcing you to come | clean and remove the backdoor from your code. Whoa, there is a blast from the past. I really figured people would change that if they used the script. I had a big comment next to it that said "backdoor user name if all else fails". I was naive, what can I say. I promise I was not trying to leave backdoors open for me to get into people's sites. If it was compiled code I could see you being suspicious. You had to read pas that to read how to use the script. I guess boogieman was a bad choice for the default too as it sounds evil. What does not kill us makes us stronger. | http://www.cgisecurity.com/archive/php/phorum.txt Yeah, I was a little ticked off at this guy for not notifying us before publicly posting these. That seems to be a problem for some people. I guess they are afraid that if they don't go public first they won't get the credit. We did fix all those issues within a day of finding out about them. If we had known before the world, we could have saved some people some possible problems. Thanks, Brian. Phorum Dev Team
Brian Moon wrote: > <snip> > | http://www.cgisecurity.com/archive/php/phorum.txt > > Yeah, I was a little ticked off at this guy for not notifying us before > publicly posting these. That seems to be a problem for some people. I > guess they are afraid that if they don't go public first they won't get the > credit. We did fix all those issues within a day of finding out about them. > If we had known before the world, we could have saved some people some > possible problems. Oh Wow. They just announced it to the world without letting you guys even know at all? That's *horrible*. Justin > Thanks, > > Brian. > Phorum Dev Team -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi
| Hi Brian, | | This sounds interesting. If you want to really learn to get the most | out of PostgreSQL, you're probably best to join the PostgreSQL "Hackers" | mailing list. Is this an unsupported mailing list? I don't see it on the PostgreSQL web site. | If you've learnt not to deliberately leave backdoors in your code so you | can walk into sites', as you used to do with Phorum's code, then you | might find some people here willing to help. Well, it was never deliberate. We did have some issues recently that would allow code to be run on the server, however, if one followed the installation instructions and followed what we recommended to secure your files, there was no danger to you. We also got a fix out within a day of finding out about it. That said, we didn't follow our own advice and got hacked. | Just checked the Phorum website and noticed you've removed the original | advisories, from a few years ago. | | Hmmmmm.... don't be surprised if people here watch you *very carefully*, | due to your prior history of having abused people who placed trust in | you. Are you speaking of personal experience? Not sure what you are talking about from a few years ago. Phorum is only 3.5 years old. We did have some things late 2000. Those were addressed and fixed. Software has bugs both big and little. Thanks, Brian. Phorum Dev Team
| I don't have much time, but I'm happy to look at schemas and index | optimisation for you, etc. Has Phorum removed its silly requirement of | creating two whole entire tables per forum yet? With Phorum 5 we have changed that. We had our reasons at the time for doing that. However, things have changed and we are wiser and the tools are better. This kind of gets back to my point. For small to moderately sized Phorums on slower machines, having seperate tables is a good thing in MySQL. We now know that large Phorums suffer in this case worse than the smaller ones would suffer from one table. However, this could very well have never been a good thing for PostgreSQL. I don't really know. At the time I ported Phorum over to PostgreSQL, the docs were not nearly as good as they are now. There was nothing about optimizing your tables for speed. This is the reason I am coming here. I want Phorum 5 to run as fast as it can on PostgreSQL. Thanks, Brian. Phorum Dev Team
On Sunday 18 August 2002 01:36 am, Justin Clift wrote: > Brian Moon wrote: > > Yeah, I was a little ticked off at this guy for not notifying us before > > publicly posting these. That seems to be a problem for some people. I > > guess they are afraid that if they don't go public first they won't get > > the credit. We did fix all those issues within a day of finding out > > about them. If we had known before the world, we could have saved some > > people some possible problems. > They just announced it to the world without letting you guys even know > at all? Reading BugTraq is more than a little educational in how people will do anything to get first credit on finding security holes. The number of holes announced without prior warning to the authors is quite large, both in raw numbers and in percentages. -- Lamar Owen WGCR Internet Radio 1 Peter 4:11