There is not a 1:1 correlation between front end and back end security.
Having a hyper-secure forum on the front end does not eliminate or even mitigate the possibility of an exploit allowing the database to be exposed from a direct server attack that has nothing to do with the forums themselves.
IT security is always a trade-off of security vs. usability, and this is usually determined by what you perceive are your chances of being a target.
W1zz could make every user create a 32-character, strong password with non-repeating characters, a combination of upper, lower and special characters, and force password aging every 30 days. He could remove the capacity of "remember me" so that you have to memorize it (or at least have it written down) to prevent the possibility that your password was taken off your machine, and it still would make no difference if the attack was not in that vector.
We just updated our club website to vB 4.2.0 and it is not without problems. Given the amount of custom code that W1zz has done to this site, his work would be much more time-consuming to get everything working than a simple 3.x to 4.x update.
Last edited by Kreij; Nov 24, 2012 at 10:09 PM.