Cruciforum: crucially simple

Cruciforum

Cruciforum is a really simple web-based forum, designed to make it easy to add somewhere for discussion to go on to your website or a project. A Cruciforum forum is lightweight, doesn’t require a database, and can be set up on your server in about two clicks of a mouse. It’s the easy way to give people somewhere to chat about your project without installing something heavy and complex like PHPBB; just put the cruciforum install file in an empty folder and go to it in your web browser, and that’s all you need to do. Whenever I see a small project’s website I find myself wishing there was somewhere I could talk to people about it, and that’s what this makes easy. Go get Cruciforum for all your discussion needs, assuming that your discussion needs aren’t all that complicated!

7 Responses to “Cruciforum: crucially simple”

  1. Cool name!
    You seem to be a Dan Simmons fan (just like myself :-)

    Adriatic
  2. Why does the name make me think someone’s been reading too much JK Rowling… :)

    N.
  3. The simplicity is refreshing, but releasing it without anti-spam/validation/anti-CSRF/throttling measures makes me wince a little. Anyone installing this version will be wide open to abuse.

    Matt Round
  4. Matt: I’m not sure how CSRF applies here. Yes, I could trick your browser into posting as you to a Cruciforum from some other site, but then I could just go to the forum myself and post as you too. There are no identity guarantees. I can’t think of a reason why I can’t go to some forum you don’t know about somewhere else and sign up as mattround, either. I can’t fill in my email address as being yours, because I’ll fail verification, but I can say “I’m Matt Round and my website is malevolent.com” on every weblog comment form in the land without any problem. Unless we’re prepared to demand (not allow, but _demand_) something like OpenID or some trust metric, that’s just the way it is. If that counts as CSRF, then Cruciforum isn’t any more vulnerable than half the rest of the internet.

    Anti-spam, yes, and http://www.kryogenix.org/bugs/cruciforum/spam-protection.html discusses precisely that.

    sil
  5. [...] 18th, 2007 · No Comments Cruciforum - a really (really) simple forum, written in PHP. [...]

    Cruciforum, then. « Exploring Freedom with Matt Lee
  6. CSRF isn’t much of an issue in this case, but it could be abused to make innocent users post on behalf of a spammer (when they visit a site set up by the spammer or a site compromised by XSS). You then wouldn’t be able to usefully use IP for blacklisting, and if the spammer’s site used HTTPS then there’d be no referer to block either.

    Like I said, it’s not a major issue though, particularly if the chosen anti-spam measures rely upon content and user interaction rather than IP/referer.

    Matt Round
  7. [...] while back I added a simple discussion forum for opencycleroute.org, based on cruciforum by Stuart [...]

    OpenCycleRoute » Blog Archive » Discuss
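
As an added illustration of the anti-CSRF measure raised in comments 3 and 6 (not part of the original post, the comments, or Cruciforum's own code): a stateless form token for a forum with no database and no accounts, which rejects cross-site posts without relying on IP or referer. The secret, the per-browser cookie nonce and all function names are assumptions made for this example.

```php
<?php
// Added example, not Cruciforum code. Hypothetical names throughout.
// Idea: the hidden form field carries an HMAC bound to a random nonce that
// lives in the visitor's cookie. A page on another site can make the
// visitor's browser POST, but it cannot read that cookie, so it cannot
// produce a token that matches it.

const FORUM_SECRET = 'replace-with-a-random-per-install-secret'; // placeholder
const TOKEN_TTL    = 3600; // seconds a rendered form stays valid

// Called when rendering the post form; returns the hidden field value.
function issue_token(string $nonce, int $now): string
{
    return $now . ':' . hash_hmac('sha256', $nonce . '|' . $now, FORUM_SECRET);
}

// Called when handling the POST; $nonce comes from the cookie, $token from the form.
function check_token(string $nonce, string $token, int $now): bool
{
    $parts = explode(':', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false; // missing or malformed token
    }
    $issued = (int) $parts[0];
    if ($issued > $now || $now - $issued > TOKEN_TTL) {
        return false; // issued in the future, or expired
    }
    $expected = hash_hmac('sha256', $nonce . '|' . $issued, FORUM_SECRET);
    return hash_equals($expected, $parts[1]); // constant-time comparison
}

// Constructed demo values: two browsers, each with its own cookie nonce.
$visitorNonce = bin2hex(random_bytes(16)); // would be sent via setcookie()
$otherNonce   = bin2hex(random_bytes(16)); // a different browser's cookie
$now          = time();
$token        = issue_token($visitorNonce, $now);

// Same browser submits its own form a minute later.
var_dump(check_token($visitorNonce, $token, $now + 60));
// Token obtained in one browser, submitted from a browser with another cookie.
var_dump(check_token($otherNonce, $token, $now + 60));
// Form left open past the TTL.
var_dump(check_token($visitorNonce, $token, $now + TOKEN_TTL + 1));
// Cross-site POST that carries no token at all.
var_dump(check_token($visitorNonce, '', $now));
```

Only the first check succeeds; the other three are the cases a forum would reject before any content-based spam filtering runs.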
