Topic: CMS websites and Joomla
Scott Jentsch
Phenomenal Film Handler
Posts: 1061
From: New Berlin, WI, USA
Registered: Apr 2003
posted 02-17-2010 01:42 PM
While I don't know what they tried to explain to you, I can try to help explain things in general terms.
CMS stands for "Content Management System" which basically means (in this context) that you have control over what information is displayed and when. Most CMS systems have layers of access control, so that certain users may have access only to certain content and/or functions. Often, these systems will allow a group of users to make changes, but not publish them, and then someone with higher access needs to approve the changes and make them public.
Good ones that are comprehensive will also have dual environments, where you can see content that has been edited and ready to go before it is made available to the public. This is especially important when you have a staff member that will be doing the work, but is perhaps not qualified to have those changes be shown to the public without someone taking a look at it first.
Whenever you are considering using pre-canned software solutions like Joomla, et al, do some research into the security bulletins that may be active for that software. These systems are popular targets for hackers and you don't want someone to get into your site and have their way with your web site and your server because you chose a package that has more holes than Swiss cheese.
For this to be truly successful, the site needs to be designed in such a way that it can be maintained easily using the CMS system (in this case, Joomla). A well-designed setup should separate the content from the layout, so that you're not having to deal with layout issues when you just want to change your ticket prices or hours of operation.
I've not used Joomla, because I have an inherent distrust of open-source software that I have not picked apart with a fine-toothed comb, looking for security issues. I ran into that years ago with forum software that was one of the most popular open-sourced programs. Unfortunately, that also made it a prime target for hackers, and a compromise was exploited, causing a huge headache and hours of lost time. Fortunately, it was caught quickly and the decision was made to remove the software rather than try to apply the patches that were released to address the problem.
One last bit of advice, and it may not apply in your situation. Don't fall into the trap of installing a complex system when all you need to do is make simple updates. You said that you've had full access to the site using FrontPage, so have you taken advantage of that and made a large number of updates to the site beyond changing ticket prices, movie showtimes, etc.? If not, you may be able to implement something that doesn't have to allow full access to every element on every page, but rather, just lets you modify the information that changes often. The tradeoff is that such a system may be easier to use and maintain, without the additional complexities that would be needed to enable major changes to the site and its layout.
It all depends on your needs and what level of control over the site you ultimately want to have on a regular basis. Just be careful of the implications of installing someone else's code on your server and keep an eye on things to install patches when they are available, and to monitor your site for abuse behind the scenes.
Chris Slycord
Film God
Posts: 2986
From: 퍼항시, 경상푹도, South Korea
Registered: Mar 2007
posted 02-17-2010 11:11 PM
quote: Scott Jentsch I've not used Joomla, because I have an inherent distrust of open-source software that I have not picked apart with a fine-toothed comb, looking for security issues. I ran into that years ago with forum software that was one of the most popular open-sourced programs. Unfortunately, that also made it a prime target for hackers, and a compromise was exploited, causing a huge headache and hours of lost time. Fortunately, it was caught quickly and the decision was made to remove the software rather than try to apply the patches that were released to address the problem.
So you don't trust open-source software that you haven't gone through with a fine-toothed comb, but possibly trust some proprietary app that you also haven't done the same with?
And incidentally, the application you got burned on was already patched (presumably by some people who combed through it) before you got hit, but you just hadn't updated, which seems to be what happens a lot with proprietary apps as well (someone doesn't patch Windows, gets hit by a bug fixed months prior, and yells at MS).
Scott Jentsch
Phenomenal Film Handler
Posts: 1061
From: New Berlin, WI, USA
Registered: Apr 2003
posted 02-18-2010 06:09 PM
Actually no, I trust apps that we've created in-house using the best practices to avoid such issues. Does that guarantee that no problems will ever happen? No, but it minimizes it and since no one else can see the code we've written, there's much less of a chance of exploits being developed for it.
There's a difference between using commercially or privately developed software and using open-source software whose code is widely and openly available. Open-source is not bad, per se, but it has a dual-edge to it. Being open source may mean that more people looking at it will make it a better product. However, it also means that hackers can create their exploits easily and test their work before deploying it.
You are correct that a fix was not applied between the time the fix was available and the exploit went wide, but if I recall correctly, communication was not done well by the developers and subsequent and repeated issues with that software made us determine that it wasn't worth having on the site due to the exposure it presented and our lack of desire to keep up with the barrage of updates that would likely ensue.
All times are Central (GMT -6:00)