Important Cannot add Blip.TV and local server video

Rooster wrote: But in the end, it should be up to the admin/owner what he considers tolerable, acceptable and worth-while risk. I understand your desire to not be blacklisted or delisted, but as long as your software is sent with said feature disabled, I don't see how you could be found at fault.

Yes and no. We take security very seriously (Kunena is used in a number of corporate environments) and need to take precautions that users might not consider when setting up their site. If the government let drivers decide what's an "acceptable" speed limit, there would be far more accidents than there are now—likely due to the fact that many people would *think* they can drive faster safely than they actually can. The speed limit sucks but it's for the benefit of the greater good.

Rooster wrote: I get heat for this on almost a daily basis, members of my site asking if (you guys) have reenabled flash, and pointing out several other high-profile forum packages that have no problem with allowing flash.

Sorry if you're getting heat (and I'm not sure what the "other high-profile forum packages" are), but the dev team needs to take the steps it does to ensure stability and security. That's not to say the feature won't be in a future version; it just means that if it will be implemented, it will be done in a way that protects the users.

Rooster wrote: I'm not likely to switch; I'm used the the way fb functioned just as Kunena now, and there are several features I appreciate and feel this package works more fluidly than some others I've tried in the past.

Keep in mind that Fireboard was pretty unstable and a HUGE security risk in many ways.

Rooster wrote: I just wish you would leave it up to the people using it to determine the amount of security. I mean, if we followed this belief, would there even be a Joomla? After all, Joomla itself allow several packages to run that could allow malicious activity, yet.. It allows the user to decide whether they want to or not. There are even several things in the core of Joomla itself that are 'user adjustable', to tweak between ease of use and security. All I'm asking is Kunena allow the same option.

Joomla works the same way for core code. Kunena doesn't allow for extensions to be installed in it the way Joomla allows so it's an apples-to-oranges comparison.

So here's a question for you... If you were a user new to Kunena and you came to these forums to see if Kunena was right for your needs, would you rather see 100 posts about security breaches or 100 posts about a missing feature?

Hey there.. First off, and I truly mean this, I do appreciate all of your time (to all who have posted here and on my original thread) you have taken on this topic. I'm sure it cannot be easy, though I'm not honestly sure how often this topic comes up, I only did a couple recent searches, which in fact was what brought me to this post. In truth, when I saw on the homepage you have a .x update, I had hoped to find you re-implimented it, which is what brought me searching in the first place.

I do understand your reasoning, I really do, I just can't wrap my head around not allowing the admin the choice. You cited several businesses and high-profile organizations use Kunena. That would not change just because you allow an option for swf use by those who want it. I could also say on those grounds MS should not churn out another OS, because we all know how insecure and virus friendly they can be. But in the end, it's the users option, in that case, at least.

I won't harp on it anymore. I'll agree to disagree if you will, I suppose, with the hope that someday you'll decide to put the power and choice on the users of your software. I will check in from time to time to see if there's been an update allowing it, but won't bug ya anymore on the forums, other this this final post on the matter.

You did seem surprised that other forum packages allow it, maybe even confused on which ones, so I will name-drop a bit. If that's not allowed, I'll ask a mod to at least leave it there till it's read, then you can edit this post and remove them. Forum packages that allow swf insertion via bbcode include: Invision (IPB, PhpBB, DotNetNuke Forum, SMF forum (though this might've been via an addon, either way, supported and sanctioned on their site), and vbulletin. There are more, I'm sure, but those are several huge options, all of which are just as commonly used in a corporate/professional setting.

One last question I'd like to leave ya with, you don't have to answer. An image file can be infected by a virus. Kunena supports file attachments, as well as images. Is that not, the same or worse in terms of security risk? Admins can set the filesize on attachments etc, or prevent it completely. Why not the same functionality. One is acceptable risk but the other is not? Makes little sense.

Again, I'll leave you in peace and friendship wishing great things from Kunena. I know we just don't see eye to eye on this matter, not the end of the world. As I said before, it's all I've run on my current portals out there, since the fb days. I've dabbled with several forum packages out there, and aside of the swf thing, I do like what you offer, it feels far more integrated and 'whole' in terms of working with other Joomla components and Joomla itself.

Rooster wrote: I do understand your reasoning, I really do, I just can't wrap my head around not allowing the admin the choice. You cited several businesses and high-profile organizations use Kunena. That would not change just because you allow an option for swf use by those who want it.

As far as I know, supporting Flash hasn't been ruled out forever—so let's be clear about that because it seems you might be assuming that.

Rooster wrote: You did seem surprised that other forum packages allow it, maybe even confused on which ones, so I will name-drop a bit. If that's not allowed, I'll ask a mod to at least leave it there till it's read, then you can edit this post and remove them. Forum packages that allow swf insertion via bbcode include: Invision (IPB, PhpBB, DotNetNuke Forum, SMF forum (though this might've been via an addon, either way, supported and sanctioned on their site), and vbulletin. There are more, I'm sure, but those are several huge options, all of which are just as commonly used in a corporate/professional setting.

The only forum I've seen with SWF support out of the box is phpBB3. The others require a hack/add-on to get support. Kunena could be hacked to support it just like those. But, as you know, you take into consideration the whole package when determining which forum solution meets your needs—and, in my opinion, Nuke, SMF and others are not nearly as good as Kunena. Call me biased but the features, pace of development, and support quality lag far far behind Kunena. But then you know that already since you chose it.

Rooster wrote: One last question I'd like to leave ya with, you don't have to answer. An image file can be infected by a virus. Kunena supports file attachments, as well as images. Is that not, the same or worse in terms of security risk?

Not really. The limited number of viruses that you could embed in an image are different and couldn't cause the destruction of a rogue Flash file, which could compromise an entire server. Flash files are executables, while images aren't. With ActionScripting, a script kiddie could compromise the entire server, not just the account the file is on.

Rooster wrote: Again, I'll leave you in peace and friendship wishing great things from Kunena. I know we just don't see eye to eye on this matter, not the end of the world. As I said before, it's all I've run on my current portals out there, since the fb days. I've dabbled with several forum packages out there, and aside of the swf thing, I do like what you offer, it feels far more integrated and 'whole' in terms of working with other Joomla components and Joomla itself.

No worries. We're already working on Kunena 2.0 and you never know what progress will bring.