Secure content management systems?

Discussion in 'other software & services' started by msingle, May 2, 2003.

Thread Status:
Not open for further replies.
  1. msingle

    msingle Registered Member

    Joined:
    Jan 25, 2003
    Posts:
    82
    Hi,

    Does anyone have opinions based on how secure these content management systems are?

    Drupal
    Nucleus
    Geeklog

    Thanks.
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    Security here is a product of two factors: the script quality and the underlying platform.

    As for the scripts: the undelying PHP engine, Apache and Mysql suffer from the same vulnerabilities as all other components of a system. Mainly buffer overflow vulnerabilities. But there's no big deal if you maintain properly and keep your server behind a firewall.
    The scripts you mentioned seem okay. I can't recall having read alerts the last month (last few weeks there were some vulnerablities reported on EZpublish, Xoops and Postnuke, most of them are cross site scripting errors).

    For the platform: well, I suppose that securing a Windows or linux box is not a secret to you.

    My secret tricks :D
    I'm running e-smith (.org) as my internetserver (it's a stripped and hardened red hat linux, dedicated to be a firewall and web/mail server).
    It's very simple to install whatever script you want in one of the webroot directories (primary web root and the web root in so called ibays).

    My cms: e107 (.org). It's code is very small and of a very high standard (as I'm led to believe) and the community there is very responsive :-*
    But then again, as always, there's no perfect solution and you may well go for drupal or so.


    (no please don't... go for e107 ;) )
     
Loading...
Thread Status:
Not open for further replies.