Security in NSBBS was never an afterthought. It was developed along with everything else in the program. I certainly hope I did a good job in this area so malicious users won't be able to damage forums in operation. I made sure that all user operations are always checked to ensure it may be processed. In addition to this I also created a customizable flood prevention system.

NSBBS Highlights

• Java Technology: NSBBS was created using J2SE version 1.4.1_02 and J2EE version 1.3.1. NSBBS runs on virtually any operating system and almost any J2EE compliant server such as:
  Tomcat, IBM WebSphere, BEA WebLogic, Oracle Application Server 10g, Sun Java System Application Server
• Efficiency: All database activities and data processing occur completely on the server side. JSP pages merely display the already processed information therefore, slow user connections don't hold up database/server resources much at all. Also, NSBBS utilizes the object oriented aspect of the Java programming language to speed up processes and save on memory.
• MVC Architecture: Presentation layer is separated from the application logic. Makes editing much easier for those with little or no JSP experience.
• Simple Installation: Most J2EE servers will automatically install WAR (Web ARchive) files. A MySQL database setup script is included and once run the database is ready to go. Very little configuration is required afterwards to get up and running.
• Database Support: NSBBS can also be customized to work with various other databases. *
• The Intelligent BBS: NSBBS shows users what they may do. If members can't create topics, they will not see that feature. Guests for example, won't have a logout button. If a malicious user attempts to bypass systems, NSBBS will still check if that user has permission to do that operation or not.
• Statistics and Tracking: NSBBS statistics and tracking include:
  • Number of members and guests online
  • Number of categories, topics and replies
  • Number of views for each topic
  • Who the newest member is
  • Number of posts each member makes
  • IP address of user saved and updated for each login and for each topic and reply posted
  • When the user last logged in and last logged out
  • When the user last modified their profile
• Multiple Submit Protection: All forms are protected form multiple clicks of submit buttons. No worries about double posts.
• Permissions: The administrator can completely customize the permission sets for regular members, moderators and guests. Each user can also individually have their permission set modified. Regular users can be promoted to moderator status via a simple toggle switch.
• User Groups: If several members require a specific permission set, a user group can be created. User Groups can also be deactivated or deleted completely if no longer needed.
• Add Restrictions: The following lists some useful restrictions available in NSBBS:
  • The total number of members that may register
  • The total number of posts (topics + replies) permitted globally (or unlimited)
  • The maximum length a message can be (or unlimited)
  • Whether the user needs to register before they may see the forums
  • A default value for how many messages a newly registered member may post. This value can be changed individually for each member as well (to unlimited)
  • The timeout for a session
• More and More: Unlimited categories, topics, replies and members permitted. There no software coded constraints as such, but the administrator can set limits for some of these items if they wish. **
• Vote Now: Members with proper permissions can create polls with up to 10 options. Members can vote only once.
• Private Messaging: Members can message each other via a private messaging system and can even store messages they've sent to other users. NSBBS also notifies members if they have new messages.
• Change It - Move It - Reorder It: Easily edit and delete categories, topics and replies. If a topic is under the wrong category, simply move it at will! Changed your mind about how the categories are ordered? Then reorder them as you wish. Lock either entire categories or a single topic. Mass deletion of categories, topics, replies and private messages is available.
• E-Mail Notifications: NSBBS can send numerous e-mail notifications to users. Some e-mail notifications include: new reply, new private message, approval/denial messages and more. All members and the administrator can also save a default preference for some notifications.
• To Date or Not to Date: When users register, control whether their date of birth is mandatory or optional.
• Agreement Message: If required, an agreement message can be specified for registering users. If they don't agree to the message, they will not be registered.
• Style: Almost all design aspects of NSBBS can be customized via style sheets, HTML and JavaScript.
• Avatars and Emoticons: NSBBS comes with 50 emoticons and 20 avatars, which can all be customized to suit individual needs. Users can also upload their own avatar from their computer or off the Internet and change it anytime. The administrator can enable or disable emoticons and/or avatars if they wish.
• Profile: Members can create a profile and can even upload a picture from their computer or off the Internet. Profiles can be completely hidden or some specific parts only. Users can also add a signature to messages they create.
• Ignore Members: Other than the administrator and guests, members and moderators can create an ignore list. Topics, replies and private messages are blocked.
• Private List: This keeps members informed as to which private topics they are part of.
• Watched Topic List: Members can see a list of topics they are currently watching. This list not only allows easy access to those topics, but with a couple of clicks the member can remove the topic from the list.
• Ranking: A fun and versatile ranking system is included so users upon reaching a certain number of posts get a different message. The administrator can customize their own special message too.
• Censor List: Any word can be added to the censor list. The censor list can also be enabled or disabled. NSBBS comes with a default set of offending words.
• HTML Verifier: HTML can be permitted or disabled in messages. If disabled, NSBBS will remove HTML tags from messages before storing them. If permitted, only HTML that is contained within the HTML List will be allowed. All other tags not present in the list will be removed. This allows the administrator the ability to block certain HTML tags from being used. NSBBS comes with a default HTML list.
• Comprehensive Search: NSBBS has 3 comprehensive search capabilities:
  1. Search for members, match name exactly or partially
  2. Search topics and replies for a specific piece of text. Options include searching all categories or specific ones, by a specific date, by a particular member, and text match exact or partial
  3. Search for topics and replies by a specific member. Options include by a specific date and name match exact or partial
• Category and Topic Ordering: Numerous options available to list categories and topics by. For example, at the single click of a mouse a user can order topics in one of 5 different ways and each of those can be in ascending or descending order.
• Icons at a Glance: Display icons next to categories and topics show whether they are member access, private access, locked, have new posts or no new posts.

* Database must have a JDBC driver and understand common SQL commands.
** Limited by either available system resources/third party factors or administrator setup.

Security Features

• Flood Prevention: The number of posts a member can create every X number of minutes can be set. This greatly helps to deter malicious members from flooding the forums with spam like messages. In addition to protecting topics and replies, the private messaging system is also protected.
• Approval/Verification: Upon registering there are 3 ways a user is permitted to access the forums. The administrator can set this up as they wish:
  
  1. The user receives an e-mail and simply clicks a verification URL. The NSBBS application then verifies the data and if approved the user may sign in with member permissions.
     
  2. The administrator can see a list of users that have not verified their accounts. The administrator can then manually verify or purge those users.
     
  3. Administrator approval only. Upon registering the user receives an e-mail notifying them that approval is underway. The administrator can then approve or deny approval to the user. The user is then sent an approval or denial e-mail.
• Password Safeguard: All passwords are stored hashed (40bit) in the database and in cookies (if auto login was selected).
• Authentication: Upon signing in all users are authenticated by the NSBBS application to ensure validity, if the user is banned or not, to apply permissions and if necessary restrict access to certain areas of the application.
• Confirmation: Permissions are checked every time the user performs an action to ensure they may do so.

Administrative Features
Simply said, the administrator has access to everything in the forums other than private messages

• Full access to categories, topics and replies, even if locked or private. This access includes creation, editing, deletion and locking features.
• Can edit any members preferences, options and profile
• Is the only one who can see IP addresses
• Change usernames
• Can ban users at the click of a link or button
• Can configure all options for the NSBBS system

Moderator Features
Moderators have all the features available to them that general members have, plus the following features listed below. Please note however, the administrator can change permissions for users, so the following may only be true in certain setups.

• Permission to create, edit, delete or lock any category, topic or reply
• Create “Announcements” and “Always on Top” topics
• Ban members

Member Features
As with moderators, members can only do what they are permitted to do. The administrator can, for example, disallow a member to edit or delete their own posts. So the following may only be true in certain setups.

• Cannot delete a topic with replies
• Cannot delete a reply completely. Only a moderator (with permission) or the administrator can destroy a reply
• Can only edit their own posts, profiles and preferences

Guest Features

• By default guests can view all public categories, topics, replies, profiles, do searches and view the member directory. Guest permissions however, can be fully customized by the administrator
• Cannot add, edit or delete any content
• Can register