MyBB Community Forums

MyBB Community Forums > Development > Suggestions and Feedback > Auto-detection of safe defaults
Full Version: Auto-detection of safe defaults
You're currently viewing a stripped down version of our content. View the full version with proper formatting.

Devilshakerz

2018-08-19, 05:19 PM
The installer, ACP and possibly the upgrade process should include an option to review and suggest safe defaults for MyBB configuration.

During the installation, a form with suggested setting values would be presented and used to alter the initial settings; the values would be re-checked during an upgrade and the setting listing in ACP could include which settings were changed, from what default values and what values are recommended. A separate mechanism can be implemented to list all settings that may cause MyBB to work incorrectly or unsafely.

Setting types to cover might include:
- board URL protocol (HTTPS-dependent)
- secure cookie flag (HTTPS-dependent),
- IP address header (reverse proxy-dependent),
- drivers and libraries (depending on availability, e.g. prioritizing MySQL Improved over MySQL),
- cache control headers that might reduce risk of Varnish-like caching that might mix user sessions.

Euan T

2018-08-19, 09:10 PM
(2018-08-19, 05:19 PM)Devilshakerz Wrote: [ -> ]The installer, ACP and possibly the upgrade process should include an option to review and suggest safe defaults for MyBB configuration.

During the installation, a form with suggested setting values would be presented and used to alter the initial settings; the values would be re-checked during an upgrade and the setting listing in ACP could include which settings were changed, from what default values and what values are recommended. A separate mechanism can be implemented to list all settings that may cause MyBB to work incorrectly or unsafely.

Setting types to cover might include:
- board URL protocol (HTTPS-dependent)
- secure cookie flag (HTTPS-dependent),
- IP address header (reverse proxy-dependent),
- drivers and libraries (depending on availability, e.g. prioritizing MySQL Improved over MySQL).

The MySQLi vs MySQL option will become redundant with MyBB 1.9 since the old MySQL option will be removed (the old functions aren't available in PHP 7).

Otherwise, I agree. We should have sane defaults and should always nudge users towards the safest path.

Wires

2018-08-19, 09:19 PM
+1, would definitely like to see this happen.

Serpius

2018-08-21, 02:04 PM
(2018-08-19, 09:10 PM)Euan T Wrote: [ -> ]
(2018-08-19, 05:19 PM)Devilshakerz Wrote: [ -> ]The installer, ACP and possibly the upgrade process should include an option to review and suggest safe defaults for MyBB configuration.

During the installation, a form with suggested setting values would be presented and used to alter the initial settings; the values would be re-checked during an upgrade and the setting listing in ACP could include which settings were changed, from what default values and what values are recommended. A separate mechanism can be implemented to list all settings that may cause MyBB to work incorrectly or unsafely.

Setting types to cover might include:
- board URL protocol (HTTPS-dependent)
- secure cookie flag (HTTPS-dependent),
- IP address header (reverse proxy-dependent),
- drivers and libraries (depending on availability, e.g. prioritizing MySQL Improved over MySQL).

The MySQLi vs MySQL option will become redundant with MyBB 1.9 since the old MySQL option will be removed (the old functions aren't available in PHP 7).

Otherwise, I agree. We should have sane defaults and should always nudge users towards the safest path.

Add in the option of picking a light or dark theme as it was suggested before.

I believe Justin (I think) was working on a dark version of the default light theme of MyBB.
MyBB Community Forums > Development > Suggestions and Feedback > Auto-detection of safe defaults