Archive

Posts Tagged ‘Content Management System’

Securing Joomla! CMS based sites

December 3rd, 2008
Looks like turbulent water in the Joomla Security Forums, again. Let’s ignore this and focus on securing a Joomla installation:

1. Set the right file and folder permissions according to the Joomla guide:

Once your site is configured and stable, write-protect critical directories and files by changing directory permissions to 755, and file permissions to 644. There is a feature in Site –> Global Configuration –> Server to set all folder and file permissions at once. Test third party extensions afterwards, and carefully review the code of any extension that has trouble with such settings. Note: Depending on your server’s permissions, you may need to temporarily reset to more open permissions when installing more extensions with the Joomla! installer.

2. Think twice before installing an extension – do you really need it? Most security vulnerabilities come from third party extensions, especially ones that are pre-release or have not been updated lately.
3. Upgrade to the latest stable version of Joomla. The core team is hard at work for the community, partly on addressing the security bugs and issues that are found. If you run a site based on an old version of Joomla, you are at risk, because its security issues are well documented and available to anyone who explores the tracker.
4. Change your admin username. This is a very basic security tip that is recommended for almost every server out there.
5. Avoid shared servers. Virtual hosting is great if you are not in a position to afford a VPS or a full dedicated server, but it is not secure.
6. Protect your DB. Use a user other than root, and do not allow connections from outside the machine. Even better, block the MySQL port completely.
7. Use SSL. Simply put, when you log in and submit your username and password without SSL, the information is not encrypted between you and the server. This is potentially dangerous because of packet sniffing or, in today's world, if you decide to work from a WiFi hot spot.
8. Separate your development server from the production server. Avoid unclean code or leftovers that may leave a back door.

9. Remove unnecessary files from the site. Remove the XML-RPC server part of Joomla if you are not planning on using it: this service allows desktop applications to post directly to the site, essentially providing access via this protocol. And if you just moved the site from another server, delete the zipped files, since they contain your passwords in unencrypted form!

10. Monitor the logs for hack attempts. Who was trying to log in to the administrator section while I was eating my turkey? :) You get the idea…
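
A read-only audit covering items 1, 9 and 10 above, as an added example that is not part of the original post. The function names, the archive patterns and the Apache combined log format are assumptions; the sample web root and log lines are constructed for the demo.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): audit a Joomla web root
# against checklist items 1, 9 and 10. Paths and log format are assumptions.

# Item 1: directories that are not 755 and files that are not 644.
perm_deviations() {
    find "$1" \( \( -type d ! -perm 755 \) -o \( -type f ! -perm 644 \) \) -print
}

# Item 9: leftover site archives under the web root.
leftover_archives() {
    find "$1" -type f \( -name '*.zip' -o -name '*.tar.gz' -o -name '*.tgz' \) -print
}

# Item 10: POSTs to /administrator/ per client IP, busiest first.
# Assumes Apache combined log format: $1 = client IP, $6 = "METHOD, $7 = path.
admin_post_counts() {
    awk '$6 == "\"POST" && $7 ~ /^\/administrator\// { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -rn
}

# Constructed demo data: a throwaway web root and access log.
make_demo() {
    local d; d=$(mktemp -d)
    mkdir -p "$d/site/images" "$d/site/cache"
    touch "$d/site/index.php" "$d/site/configuration.php" "$d/site/site-backup.zip"
    chmod 755 "$d/site" "$d/site/images"
    chmod 777 "$d/site/cache"                      # too open
    chmod 644 "$d/site/index.php" "$d/site/site-backup.zip"
    chmod 666 "$d/site/configuration.php"          # too open
    cat > "$d/access.log" <<'EOF'
198.51.100.7 - - [27/Nov/2008:14:02:11 +0000] "POST /administrator/index.php HTTP/1.1" 200 4312
198.51.100.7 - - [27/Nov/2008:14:02:13 +0000] "POST /administrator/index.php HTTP/1.1" 200 4312
198.51.100.7 - - [27/Nov/2008:14:02:15 +0000] "POST /administrator/index.php HTTP/1.1" 200 4312
203.0.113.20 - - [27/Nov/2008:16:40:02 +0000] "POST /administrator/index.php HTTP/1.1" 303 0
192.0.2.5 - - [27/Nov/2008:17:01:44 +0000] "GET /administrator/ HTTP/1.1" 200 5120
192.0.2.5 - - [27/Nov/2008:17:02:10 +0000] "POST /index.php HTTP/1.1" 200 830
EOF
    echo "$d"
}

demo=$(make_demo)
echo "== permissions off baseline ==";  perm_deviations "$demo/site"
echo "== leftover archives ==";         leftover_archives "$demo/site"
echo "== admin POSTs per IP ==";        admin_post_counts "$demo/access.log"
rm -rf "$demo"
```

On a real server, point the three functions at the actual web root and access log; nothing is modified, so the output is a review list rather than a fix.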

Content Management Systems, Joomla, Web Development

Joomla vs Ektron

September 5th, 2008

We have been receiving a lot of comparison inquiries lately and I wanted to put this simple Joomla vs Ektron content management systems comparison table out there. Keep in mind that much of the decision about which CMS to choose for your company or organization is usually made well before this comparison, since the two systems differ at such a fundamental level. However, this is a comparison of those fundamentals plus some of the ‘interesting’ features.

| Feature/Item | Joomla | Ektron |
| --- | --- | --- |
| License Model | Open Source | Closed Source, Compiled |
| Price | Free | Starts at $15,000 |
| Web Platform | PHP | ASP.NET 2.0 |
| Database | MySQL | MS SQL (Express version OK) |
| Extendability Options | Plugins, Components, Mambots. Joomla 1.5 went through significant development that now offers many hook-ups for plugins without hacking any core files. | Plugins (Observer Method), Ektron API (via ASP.NET code behind), Extensive Web Services API |
| SEO Options | Search Engine Friendly URLs (Joomla 1.5); Meta tags controls; Full template overrides, clean HTML | Search Engine Friendly URLs (CMS400 7.6); Meta tags controls and consolidation; Content Tagging; Full template overrides, HTML is often not so clean (part issue with .NET as well) |
| Social Networking | None, unless using a third party component or a plugin. | Many features built in: Personal profile, personal area, connections between profiles, forums, blogging. |

Thoughts?

Content Management Systems, Ektron, Joomla

5 Missing Features Preventing Joomla! CMS from Entering the Enterprise CMS Market

August 19th, 2008

You’ll love Joomla! CMS because it is a great open source and free CMS with lots of features, stable releases, and it comes with a huge supporting community. Don’t get us wrong, we love Joomla CMS too and truly believe that this open source application is a big head start for any content based website. But since we used Joomla on many advanced Web 2.0 websites, we have found its limits, and sometimes struggled with those limits to a point of considering other systems or even using a framework instead. Let’s look closer at the missing features:

1. Directory or Node-Based Category Structure

This is one of the biggest pain points with using Joomla or trying to explain how to use Joomla to new users. Joomla places all content items within sections and categories. Before Joomla 1.5, all content items were required to be in one of these sections and categories. In other words, the system was limited to a two level categorization and the categorization was enforced. In Joomla 1.5, it is not a requirement, however, if you wish to categorize the content items you must use this archaic system.

So, what’s missing? It needs node-based categorization, similar to the folder structure of any operating system. You can create folders with content items in them and you have a nice, flexible and fully comprehensible system. No more workarounds. This will then boost the use of any dynamic plugins that can rely on the folder structure for certain features. A great example is a News & Events section that is needed for almost every serious website: with a flexible node system you can create a news folder and an events folder and place your articles there. If in the future you wish to add sub categories to your news – no problem! (With the current and the old system, you’ll have to rethink once you get to a certain depth level.)

2. A Real Authorship Path and Publication Mechanism

Yes, it is true that users have multiple levels right out of the box in Joomla. But it lacks any sort of mechanism that controls the workflow of a content item. Ideally, you will have one user who adds new content items and another who has to approve them before they go live in a specific section. The publisher user will have the rights to publish only in his/her sections, etc. This is a basic feature in many enterprise content management systems.

3. Content Articles Versioning

In Joomla, once you have made a change and hit that save button, there is no way to go back in time and undo your changes. Ideally, Joomla will save every instance of the content item and keep track of its versions. How it does this is not important: it does not matter whether it uses SVN-like versioning, which efficiently saves only the diff values, or actually saves the entire content item every time a revision is made. The feature that is missing is the versioning itself.

4. Built In Separation Between ‘Live’ and ‘Staging’ Environments

For businesses that value their websites and understand how sensitive they are, we always recommend setting up a staging environment. This is where all users, developers, and designers can see the latest revisions before they go live. It provides another stage of error handling instead of working a fire drill on a regular basis. Many enterprise content management systems have this option as a built-in mechanism. From the same admin panel or work area, the admin presses a button and the latest version of the site is then ‘pushed’ live. We currently have Linux scripts that do the job, but there is no way for a non-developer to handle this case. Ideally, this needs to be available from the admin panel of Joomla.

5. Document Management System (File Manager)

So, we all know that Joomla’s File Manager or ‘Media’ manager is a bit lacking. It has the basic functionality that assists with uploading, moving and deleting files – but that’s it. A DMS (Document Management System) allows each user to manage their own document area, which in turn allows better handling of uploading and using files with drag and drop controls, and an improved management interface for admins, who can more easily handle large numbers of folders and files.

Conclusion

Joomla CMS is a great open source CMS, no doubt. However, if the above five missing features are added, it will be easier for us to offer this CMS to the enterprise. For now, the commercial CMS spectrum is what we have to work with for enterprise level content management systems.

Content Management Systems, Joomla, Web Development