SQL Design of the LTT Forum, need some info

[silentmelodies]

I am quiet new to SQL Design. I am interested how a usual SQL Database is designed, for example, user posts or a forum like this.

Are all posts kept inside one table ? Like you have a table called 'posts' and then have id of who posted it and the post text.

I imagine it like this: 

"topics" table has topic id, all the post id's and OP id, then all that is just fetched from the database on custom queries for different categories:

SELECT * FROM posts WHERE category = XYZ

Could someone provide me with the SQL diagram of the LTT Forum? Maybe @colonel_mortis or @BladeOfGrass or someone else? Like this one fore example:



 

[Brenz]

LTT use a piece of Forum Software called IP.Board. The DB schema for IP.Board can be found here: https://www.invisionpower.com/support/guides/_/advanced-and-developers/database-schema/

 

It's not shown as a diagram but all the information you want should be there with some reading

[Stuff_]

I doubt they will provide you with the structure of their DB. I don't see why I would need to explain why.

[silentmelodies]

I doubt they will provide you with the structure of their DB. I don't see why I would need to explain why.

The structure of the database has nothing to do with data in it.

[silentmelodies]

LTT use a piece of Forum Software called IP.Board. The DB schema for IP.Board can be found here: https://www.invisionpower.com/support/guides/_/advanced-and-developers/database-schema/

 

It's not shown as a diagram but all the information you want should be there with some reading

Hmm, nice! Thanks! I could of had just Google'd that. fml

[Stuff_]

The structure of the database has nothing to do with data in it.

There isn't just one way to create a database. You can do it however you would like and implement it in any way you want.

[Brenz]

There isn't just one way to create a database. You can do it however you would like and implement it in any way you want.

 

Except most online forums use ready made forum software, each of these will have their own DB schema but most platforms will have information on their schema available. LTT may have added some new tables for custom features but the basic forum will use the standard DB.

[bking]

The structure of the database has nothing to do with data in it.

 

But it has everything to do with helping craft SQL Injection attacks.

[silentmelodies]

But it has everything to do with helping craft SQL Injection attacks.

If your site is SQL Injection vunerable you are doing life wrong.

 

[bking]

If your site you're running a FOSS app that is SQL Injection vunerable you are doing life wrong.

 

 

Fixed it for you.

[Brenz]

If your site is SQL Injection vunerable you are doing life wrong.

 

 

 

But it has everything to do with helping craft SQL Injection attacks.

 

 

Knowing or not knowing a website DB schema makes no difference. If your website is vulnerable I can use the vulnerability to pull out your DB schema anyway along with all the data

[silentmelodies]

Fixed it for you.

What has FOSS to do with SQL Injection? 

SQL Injection is purely a bad programming flaw, not a program flaw.

[LukeTim]

What has FOSS to do with SQL Injection? 

SQL Injection is purely a bad programming flaw, not a program flaw.

 

I think bking means to imply that closed source software has no need to protect against SQL Injection. Which is utter bollocks.

Remind me never to use any software he was involved in developing.

[Gazmanafc]

I think bking means to imply that closed source software has no need to protect against SQL Injection. Which is utter bollocks.

Remind me never to use any software he was involved in developing.

 

Indeed. The use of an Open Source application doesn't always mean you're vulnerable. In fact, because of the way the Open Source Community is, you're more likely to have security issues using closed source software instead.

 

I contribute to an Open Source Forum software that rivals IP.Board known as SMF (http://simplemachines.org) and we take security extremely seriously, and when we get a report we analyse it's legitimacy, and if warranted, we'll patch it ASAP.