SoftwareSecurity2012/Group 10/Wanted Documentation

Server configuration

Many issues we encountered with FluxBB are dependent on the server configuration, in particular the database that is used to store FluxBB's data.

We would like to see documentation on how to configure a server properly, with instructions on how to configure a database so that it handles sensitive data correctly and on how to set up properly secured connections. There is an installation guide, but it is rather superficial and makes no mention of security considerations.

Architectural description

A security review would (in general) benefit from a document describing the overall system architecture, e.g. how is authentication/authorization handled? What potential security issues were taken into consideration during the architectural design, and what has been implemented to ensure the system is secure?


More specifically: you would want the list of sensitive data and the policy for V9.2!

FancyBox documentation

FancyBox itself is a rather small plugin, so there is little to document. Regardless, code review would have been easier if the JavaScript code had not been 'minified'. Another issue is the code comments: while there isn't much need for elaborate documentation of functions, all comments present are in Russian.