[Cialug] SOT: What is everyone's favorite FOSS CMS these days?

Matthew Nuzum newz at bearfruit.org
Fri Aug 12 13:06:26 CDT 2011


On Fri, Aug 12, 2011 at 12:58 PM, Paul Gray <gray at cs.uni.edu> wrote:

> On 08/12/2011 12:42 PM, Nicolai wrote:
> > Since security is your primary criteria, and only since it sounds
> > common to run Apache insecurely, I'd say this:
> ...
>
>  When I once needed a CMS, I investigated the possibilities, didn't like
>> any of them, and just wrote my own.  I'm not a good programmer but it
>> was easy.
>>
>
> Nicolai...
>
> Did you really just endorse a secure infrastructure and then go on to claim
> - with the added caveat that you weren't a good programmer - to have
> implemented your own CMS?
>
> Sorry, but that's funny.
>
>

Well, there are CMS frameworks out there that give you a good foundation to
start with. For example, Django and Rails both give you mature tools that
have an eye to security and allow you to have a special purpose CMS in
hours.

Because the framework deals with a lot of your common security concerns such
as race conditions, sql injection, xss and csrf you can code much quicker.
Also, having a common open source CMS may make you more vulnerable because
people create automated tools to help would-be hackers gain access to an out
of date system. An unknown CMS built on a good framework could decrease your
attack surface.

-- 
Matthew Nuzum
newz2000 on freenode, skype, linkedin and twitter

♫ You're never fully dressed without a smile! ♫
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://cialug.org/pipermail/cialug/attachments/20110812/393694fe/attachment.html>


More information about the Cialug mailing list