Hi, there is a very minor security issue with newbb2, but it's critical in nature.
By default, whenever a user is browsing a forum, the link comes up something like this:
Quote:
http://mysite.com/modules/newbb/viewtopic.php?topic_id=8&forum=5&PHPSESSID=9f82570924457c90d1400c9d248056d7
Note the important thing in here is the PHPSESSID. The session ID should never be seen, first of all. Take a case: you were browsing a topic, you found it interesting, and you copied the entire link as shown above and passed it to your friend or a third person. If that person opens the link while you are logged in, then your session will get shared with him and he will be logged in by default with your ID. This would be worse if a site admin commits this mistake.
Thus I would suggest using the POST method for session IDs at least.
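A defender-side check for the situation described in the post, added here as an example and not part of the original post or of newbb: it scans web-server access logs for a `PHPSESSID` carried in the URL and reports any session ID requested from more than one client address, and it also strips the parameter from a link before it is shared. The combined log format, the constructed sample lines and the function names `strip_session_id` and `shared_sessions` are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

SESSION_PARAM = "PHPSESSID"  # session parameter name, as in the URL quoted in the post

# Constructed sample access-log lines (combined log format assumed); IPs are documentation ranges.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /modules/newbb/viewtopic.php?topic_id=8&forum=5&PHPSESSID=9f82570924457c90d1400c9d248056d7 HTTP/1.1" 200 5120
198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] "GET /modules/newbb/viewforum.php?forum=5&PHPSESSID=9f82570924457c90d1400c9d248056d7 HTTP/1.1" 200 4096
203.0.113.44 - - [01/Jan/2024:10:03:30 +0000] "GET /modules/newbb/viewtopic.php?topic_id=8&forum=5&PHPSESSID=9f82570924457c90d1400c9d248056d7 HTTP/1.1" 200 5120
192.0.2.15 - - [01/Jan/2024:10:04:00 +0000] "GET /modules/newbb/viewtopic.php?topic_id=3&forum=2&PHPSESSID=0123456789abcdef0123456789abcdef HTTP/1.1" 200 2048
192.0.2.15 - - [01/Jan/2024:10:05:00 +0000] "GET /modules/newbb/index.php HTTP/1.1" 200 1024
"""

# Client address and request target from one combined-format log line.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (?P<target>\S+) [^"]*"')

def strip_session_id(url):
    """Return the URL with the session parameter removed, so it can be shared."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k != SESSION_PARAM]
    return urlunsplit(parts._replace(query=urlencode(kept)))

def shared_sessions(log_text):
    """Map each URL-carried session ID seen from more than one client IP to those IPs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        query = urlsplit(m.group("target")).query
        for key, value in parse_qsl(query):
            if key == SESSION_PARAM:
                seen[value].add(m.group("ip"))
    return {sid: sorted(ips) for sid, ips in seen.items() if len(ips) > 1}

if __name__ == "__main__":
    for sid, ips in shared_sessions(SAMPLE_LOG).items():
        print(f"session {sid} used from {len(ips)} addresses: {', '.join(ips)}")
```

A session ID seen from several addresses is a lead to review, not proof of sharing, since one user's address can change between requests.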