CMS Security
Tom Metro
tmetro-blu-5a1Jt6qxUNc at public.gmane.org
Thu Dec 31 13:03:21 EST 2009
KyleL wrote:
> My boss has asked me to create a website for a payroll company and I am not
> about to design it from scratch so I thought my best bet would be to do it
> through a CMS such as Joomla or Drupal.
>
> My biggest concern is security. As this is a payroll company there will be
> bank information, and a lot of money handling so security and functionality
> are my two most important subjects that I want to focus on.
I'd ask the same questions Dan raised, as that will determine the level
of security required and what options there are for achieving it.

For example, if there are only a few users who will be modifying
content, you might be able to use a hybrid solution where the CMS runs
on a private server, and then gets periodically "published" as static
pages to a public server. This could be supplemented with some limited
interactivity on the public server.

This approach gets you the CMS functionality where needed, while keeping
the public server bare-bones, and complexity is the enemy of security.

On the other hand, it isn't necessarily a win if it leads to you
inventing your own authentication scheme on the public server. Stick
with something tried and true.
-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
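
A pre-publish check for the hybrid setup described in the message above, as an added example that is not part of the original post: before the static export is copied to the public server, it walks the export tree and blocks anything that is not plain static content. The allowed extension list, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumption: the only file types the bare-bones public server should serve.
STATIC_EXTENSIONS = {".html", ".css", ".js", ".png", ".jpg", ".gif", ".ico", ".txt", ".xml"}

def audit_export(root):
    """Return sorted (relative_path, reason) pairs for entries that must not be published."""
    root = Path(root).resolve()
    problems = []
    # followlinks=False: never walk out of the export tree through a symlink.
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if path.is_symlink():
                problems.append((rel, "symlink"))
            elif name.startswith("."):
                problems.append((rel, "hidden file or directory"))
            elif path.is_file():
                if path.suffix.lower() not in STATIC_EXTENSIONS:
                    problems.append((rel, "non-static file type"))
                elif path.stat().st_mode & 0o111:
                    problems.append((rel, "executable bit set"))
    return sorted(problems)

def build_constructed_export(root):
    """Constructed sample tree: two legitimate pages plus leftovers from the CMS."""
    root = Path(root)
    (root / "css").mkdir(parents=True)
    (root / "index.html").write_text("<h1>Payroll Co.</h1>")
    (root / "css" / "site.css").write_text("body { margin: 0 }")
    (root / "configuration.php").write_text("<?php /* constructed */ ?>")
    (root / ".htpasswd").write_text("constructed")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        findings = audit_export(build_constructed_export(tmp))
        for rel, reason in findings:
            print(f"BLOCK {rel}: {reason}")
        # Non-zero exit lets a publish job stop before anything is copied.
        raise SystemExit(1 if findings else 0)
```

Run it as the last step on the private server and copy the export to the public server only when it exits with status 0.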