SoftwareSecurity2012/Group 6/Wanted Documentation
Feedback on FluxBB documentation
In general, we found that the documentation was well-written and helpful. We especially made use of the pages about the database layer, the constants, and the variables, as they saved a lot of time in trying to figure out what variable was used where, and for what purpose.
The code was well commented, well structured, and easy to read. Especially for examining the database layer, the categorization of the different types of databases and their corresponding escape(), query(), etc. functions was very helpful. We saved a lot of time at that point in the project, since checking a few functions in predictable places allowed us to conclude that, for instance, a specific type of query was safe.
One problem we had was figuring out what type of variables went into the configuration file, config.php. This wasn't very well documented and had no examples of its contents. This file was also only created upon successful installation, so it meant that we had to do a local install to quash any doubts that stemmed from the security of the contents of this file. The contents of config.php were frequently called from other files, especially the $db_prefix variable, and we wanted to make sure that this variable in particular was safe. We would have liked to see some comments on what type of variables could be included in this file, as well as explanations.