"Core code" - the modules you get when you download/install Drupal or Joomla, as developed by the team.
Third-party extensions - add-ons written by Drupal/Joomla developers, made available to others (either free or for a price, depending), typically through central directories
Custom per-site coding - done by design firms and other developers (who might also be the "customer")
Admin configuration and other settings - setting access permissions for groups, users, articles, etc.

And, of course, there are also the security aspects of the physical server and its OS, and the rest of the IT environment, but that's way outside the scope of this article.

Tackling security

Both the Drupal and Joomla project teams, and their associated communities, do, of course, pay strong attention to security issues.

"The Drupal community is very serious about security and there is a Security Team that includes original creator Dries Buytaert and other major contributors to the platform," says Justin Powell, who runs Twin Red Media LLC, a small boutique agency that has standardized on Drupal. The team's primary goal, says Powell, "is to identify and resolve security issues in Drupal Core and contributed modules. They provide assistance to module developers in resolving security issues and provide documentation to the community on how to write secure code to start with. The efforts of the Security Team have resulted in pretty frequent software updates to keep Drupal code secure."

Some security features and concerns reflect the two CMSs' slightly differing approaches.

"Joomla is focused on basic content management and security is based on purely access control," says Christopher Justice, Chief Executive Officer, Sparksight, Inc., a full-service creative and design advertising agency. (Justice has also been a member of the Open Source Matters non-profit board of directors that manages the financial and legal aspects of the Joomla project, and a contributor to various core team discussions and strategies in the Joomla core team, the engineering hub and spoke for Joomla. And, Justice notes, he has been doing content management since the mid-1990s, and estimates he has used "about 170 or more CMSs by now.") "The group and role features of Joomla 1.6 are evolutionary but still limited to the security of content (articles). the new Nooku platform for creating Joomla extensions may be the answer."

By contrast, says Justice, "In Drupal, everything that exists is an object, and that object can be a variety of types, content, media, applications, application programming interfaces (APIs) and more. The security principles with Drupal are designed to integrate with third-party applications in a more flexible, modern and secure way."

Keeping core code secure

"Core code" refers to what you get when you download Joomla or download Drupal. You'll probably supplement these with third-party extensions, some code of your own, and configurations and settings, but the "core" is what the projects' main teams develop.

Who - if anybody - reviews core code in terms of security?

"Both cores are terrific and very secure, and both core development teams have good response times to reported security flaws," says Rafael Diaz-Tushman, President and CEO of Dioscouri Design, which provides IT support and web development services for the Guggenheim Museum, Jazz at Lincoln Center, and other businesses and non-profits.

With Joomla, notes Andrew Eddie, a co-founder of the Joomla project and one of the major contributors to the code base, "We have a body called the JSST (Joomla Security Strike Team), and members of that performed a security review of Joomla 1.6 before we released it. When new code comes in, the people doing the Commit reviews are always mindful of security issues. And there are some simple checks and balances to look for, like 'are they using the Joomla API?'"

Developing secure modules and creating secure sites

The core isn't the only code that needs to be secure, of course. There are thousands of extensions - third-party modules - available for both Drupal and Joomla. Plus there's whatever additional code has gone into creating the site.