Vbulletin arcades

[armstrong]

Do arcades present a security risk for vbulletin forums? Have there been previous incidents of vb getting hacked because of an exploit found via the arcades?

I'm considering this for my forum, and need feedback before I proceed. Any insight is much appreciated.

 

[Eric]

I'm not sure, Apollo (I've not been using vB long). Which arcade were you thinking about using, and which vB version do you use?

 

[armstrong]

Hey, SV. :wave: My forum's using the current stable release - vb3.5.4. There appears to be only two good choices right now at vb.org: v3arcade and ibProArcade, so I'll probably go with one of these.

 

[Zeus]

I agree. One of my sites has an arcade and I use v3arcade. Some of the others do present a secuirty issue. I would recommend you thoroughly research the pros and cons of each arcade that is available and then make your own choice. Good luck.

 

[armstrong]

I opted for ibproarcade, as the published features work as expected, and overall it seems to have better support at the moment. It also works with more game formats, including pnflashgames, and those made for v3arcade.

 

[weblord]

the security will start with the arcade itself so therefore making them both your friend and enemy and from my experience with being a member of your forum and an arcade player the arcade database is connected with the main forum's database, that could pose a risk.

 

[armstrong]

From vb3.5 onwards, the new plugin system means that properly-coded extensions do not connect to the database directly. Instead, they do so via hooks provided by the vb API. As I understand, this means that if there's any security issue, it would be due to vb itself, and not the properly coded extension, which ibproarcade is.