2018-08-19, 05:19 PM
The installer, ACP and possibly the upgrade process should include an option to review and suggest safe defaults for MyBB configuration.
During the installation, a form with suggested setting values would be presented and used to alter the initial settings; the values would be re-checked during an upgrade and the setting listing in ACP could include which settings were changed, from what default values and what values are recommended. A separate mechanism can be implemented to list all settings that may cause MyBB to work incorrectly or unsafely.
Setting types to cover might include:
- board URL protocol (HTTPS-dependent),
- secure cookie flag (HTTPS-dependent),
- IP address header (reverse proxy-dependent),
- drivers and libraries (depending on availability, e.g. prioritizing MySQL Improved over MySQL),
- cache control headers that might reduce risk of Varnish-like caching that might mix user sessions.
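
Added example (not part of the original post and not MyBB code): one way the review step proposed above could compare current settings with environment-dependent recommendations. The setting keys, the `$env` array and the recommended values are hypothetical.

```php
<?php
// Added illustration, not MyBB code. Setting keys, $env fields and the
// recommended values are hypothetical placeholders.

function review_settings(array $settings, array $env): array
{
    $findings = [];
    // Record a finding whenever the current value differs from the recommendation.
    $suggest = function (string $key, $recommended, string $reason) use (&$findings, $settings) {
        $current = $settings[$key] ?? null;
        if ($current !== $recommended) {
            $findings[] = compact('key', 'current', 'recommended', 'reason');
        }
    };

    // Board URL protocol and the secure cookie flag both depend on HTTPS.
    if ($env['https']) {
        $url = preg_replace('#^http://#i', 'https://', $settings['board_url'] ?? '');
        $suggest('board_url', $url, 'board is served over HTTPS');
    }
    $suggest('cookie_secure_flag', $env['https'], $env['https']
        ? 'cookies should only travel over HTTPS'
        : 'a secure cookie is never sent over plain HTTP, so logins would break');

    // A forwarded-IP header is only meaningful when a reverse proxy sets it.
    $suggest('use_forwarded_ip_header', $env['behind_proxy'], $env['behind_proxy']
        ? 'the socket address is the proxy, not the visitor'
        : 'without a proxy the header is supplied by the client');

    // Pick the first available database driver in priority order.
    $available = array_intersect(['mysqli', 'mysql'], $env['db_extensions']);
    if ($available) {
        $suggest('db_driver', reset($available), 'highest-priority driver that is installed');
    }

    // Keep shared caches from storing per-user pages (assumed header value).
    $suggest('cache_control', 'private, no-store', 'responses are session-specific');
    return $findings;
}

// Constructed sample input: HTTPS site behind a reverse proxy, old defaults.
$settings = ['board_url' => 'http://forum.example/', 'cookie_secure_flag' => false,
             'use_forwarded_ip_header' => false, 'db_driver' => 'mysql', 'cache_control' => ''];
$env = ['https' => true, 'behind_proxy' => true, 'db_extensions' => ['mysql', 'mysqli']];

foreach (review_settings($settings, $env) as $f) {
    printf("%s: %s -> %s (%s)\n", $f['key'], var_export($f['current'], true),
        var_export($f['recommended'], true), $f['reason']);
}
```

The same function could run at install time, after an upgrade, and on the ACP settings page, since it only needs the stored settings and a description of the environment.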