Are you sure that your safemode version is secure ?

[betatest]

Just because on my "high" (hope so) secure server (some improvements and restrictions like safemode) I'm unable to install your version 'safemode' he make a message error like this :

YaBB SE Safe Mode Installer
Error: No Database Selected

(on step 7 to create the user)

also when I make the user manualy I get this error on the index :

An Error Has Occurred!

2: mysql_fetch_array(): supplied argument is not a valid MySQL result resource
(/users/forum/yabbse/Sources/Subs.php ln 186)

Also why every of version of YaBB SE need to automaticaly replace the http user & group & chmods (on an unsecure way) ?

I really like the design and the functions of YaBB but they are some things stranges I see  

The current open beta isn't yet ported to safemode (also why to make two different versions one normal and one safemode ? All other BB concurent don't need this and run perfectly in normal&safemode with the same code like phpbb/vb &co)

So if a devel have 2sec to look what's wrong with the security part of YaBB & compatibility in safemode (I tested 4 boards on the same server, phpbb run, vbulletin run, phorum run, YaBB failed (noarmal&safemode version) so it can't be the server) it will be glad because I'll really would like to use YaBB and no other BB  

Thanks for support

(ps : why do you need to make system calls to use /var for example, think that if the httpd is chrooted in a jail you can't use this  )

[Jeff Lewis]

So it sounds like the Settings.php file was written and that's why it said no database was selected. How the hell does that make it not secure?

[betatest]

the security problem that I talked about wasn't about the no database error but for other points I said (http user/group, chmods, /tmp,...)

I'm not saing that YaBB isn't secure or this way of things no, I just would like to have my YaBB woring correctly in safemode restrictions (godness what a headache lol).

But mhh... I don't understood what's the problem so settings.php was written okay, but after ? Why the forum don't work ? Something wrong with the installer or ? Also you said settings.php was written but the user isn't created into the database :/ Huh really I dunno what to do :/

free tour here   :

http://dmon.ath.cx/~forum/ (yabbse)

thanks one more time for help support & yabbse project

[Jeff Lewis]

Sounds like that after install, the installer couldn't write the Settings.php file which stored the database settings. I could be wrong though...

[betatest]

okay so the file settings.php wasn't written I modified them manualy so now he connect but he display nothing.

You know, I think that YaBB SE couldn't support chmod 644 for files & 755 for folders I don't see any other explication (using any other chmods will be dangerous).

Also I found a mistake, why to put the "enableCompressedOutput" into the database (in settings.php will be better I think) & also why to active the gzip compression by default because some hosters put the php zlib compression already so if both are activated the forum couldn't be displayed, so I think it will be better to desactivate it by default to let the user choose in function of what kind of hosting he use, don't you think so ?

Well I hope that I can help you with all my problems&opinions into this feedback for YaBB SE2 to be better and more secure  

[betatest]

nobody an idea really ?  

[andrea]

You know, I think that YaBB SE couldn't support chmod 644 for files & 755 for folders I don't see any other explication (using any other chmods will be dangerous).

This is not true, when the installation is complete you can use those chmod settings without problems.

There are some minimal chmod requirements contained in this faq:
http://www.yabbse.org/community/index.php?board=135;action=display;threadid=15904