What are the risks of running Flarum in production?

MangoLion

Asking for a friend.

arda

An extension can always brake the whole forum. (-sometimes- fixable by removing it though)
Core issues such as design and backend issues.
Security and leaks.
Stability obviously.
And many more we even don't know.

But still, I use Flarum on 4 different forums and they work like charm. It actually depends on every installation, but it's not suggested to run in production because of the reasons above.

luceos

arda Security and leaks.
Stability obviously

I'm sorry. But if you provide an answer to a question it would be much appreciated to be specific. Stability can have many interpretations. Flarum is stable to run, the api used by extensions not so.

As to security and leaks, this sounds as if any user on a flarum board is at risk, which is not the case. The only leak I know of is the one leaking ip information.

If you want to scare of users, you best do so with valid and clear arguments.

arda

luceos Sorry, I didn't mean to "scare" users obviously. You know how supportive of Flarum I am and I just listed those items that we MAY see. Not guaranteed.

Every beta software can have those. Sorry again for the misunderstanding.

Pollux

arda I just listed those items that we MAY see. Not guaranteed.

Every beta software can have those.

The question was not about the risks of beta software in general, it was of - quote - "the risks of running Flarum in production". To answer that question we should stay specific to Flarum's issues or the absence thereof.

jordanjay29

To add to what Pollux said, arda, when answering questions here it is helpful to speak from experience and not speculate. When you speculate, you create confusion and spread misinformation, things that do not help new users of Flarum at all. If you don't know an answer or don't have the relevant experience with Flarum itself, move on and let someone else answer.

lorem

On topic: None that I know of except it comes with a warning on the label which wouldn't look scary sans bug emojis. If you could brush off that little centipede and fat arse lady beetle as cute little emojis, you wouldn't take it any more serious than skype telling you not to use it for emergency calls..or a level 5 goose warning..

MangoLion

So it is absolutely safe to entrust user information such as passwords and email to flarum in the production environment right? I don't want my friend's users information to be at risk. Again just asking for my friend here.

luceos

MangoLion So it is absolutely safe to entrust user information such as passwords and email to flarum in the production environment right?

Most of flarum is based on components of the most prominent php framework in existence, laravel. Compared to other frameworks the community around laravel do not only share that code, they also feel stronger about best practices and security.

In addition both Toby and Franz, responsible for all the groundwork of flarum, have proven to be very capable developers. Intentionally cutting corners and forsaking the quality of the code, in order to please the community's excitement for a new release, I have yet to see.

lorem

MangoLion So it is absolutely safe to entrust user information such as passwords and email to flarum in the production environment right? I don't want my friend's users information to be at risk. Again just asking for my friend here.

If your friend has an fb or a ph account, s/he should be fine with flarum.

clarkwinkelmann

MangoLion I don't want my friend's users information to be at risk

Unless you or your friends are re-using passwords and you don't install extensions that collect excessive personal data, I don't see how this could be a risk. At worse you're leaking the email adresses ?

As said by luceos Flarum is built with high quality components and put together by good coders so I wouldn't worry too much about that. If we do discover an issue a fix will probably be quickly released as has been done in the past (beta 7.1 as example).

I'd be more worried about user/admin errors (like exposing database backups publicly by putting them in the webserver folder, like I've seen... or poor database passwords...). If the server is handled by a capable webmaster, everything should be fine, beta software or not ?