CMSMS | CMS Made Simple

Yesterday I made an entry about CMSMS getting bigger and having a fair amount of users. Now, there is also a downside to this. Getting more attention will also attract hackers, knowing when they can get into one CMSMS website they can get into a lot more.

However, the development of the core is done by a of couple great developers. I don’t think the CMS Made Simple core would get into a lot of problems when getting bigger and having more users. Also, they would be releasing patches quickly when serious security holes would occur.

But how about the modules? And I’m not talking about the much used modules as they will grow and get updated with the core system because so many people use them. But the more unknown modules which don’t get updated very often.

Those modules will probably cause potential security risks in the future, since scripting never stands still and new vulnerabilities get discovered every now and then.

Now we all know that using GPL/Open source software comes without warranties, and using it is at your own risk, but when old modules get security issues CMSMS gets blamed, or at least associated with the vulnerability. This is kinda the way Joomla got his bad name in my opinion. Joomla as a clean install combined with decent chmodding is pretty safe, but with so many 3rd party modules its hard to keep track of what’s safe to use and what’s not, maybe not for the hardcore coders between us but it is for many others.

So what would be a good way to “protect users” against the risk of using older not updated modules?

Maybe a new module category in the forge called “Not updated in the last 12 months - could have potential security risks and/or isn’t compatible with new core systems” and automatically put all the modules in there which have not been updated in the last 12 months.

I’m really interested in how other people think about the module security. Am I just paranoid or could these thoughts be potential ideas?

Drop your thoughts in the comments!

Regards

Signex / Benjamin

Bookmark to:

Browsing thru the development part of the CMS Made Simple website yesterday I noticed that there are almost 100.000 downloads of the CMS Made Simple Core. With the release of 1.0.3 It cant take long before it reaches this magical number.

With the plans of CMSMS 2.0 coming with all the nice new features it can only get better. Off course it will take a long time before stable 2.0 series will be released but I cant wait for the first beta’s to be released.

So I would like to take this first blog entry for me as an opportunity to congratulate all the people that supported CMS Made Simple, whether that is with development, time in the forums, donating or just by using it.

More serious entries will follow soon!

Regards,

Signex / Benjamin

Bookmark to:

Hi all,

It has come to my attention that one of the biggest topics on the forum regarding CMSMS is a speed issue. Although 2.0 will have a page caching feature, 1.0.2 can suffer sometimes from slow page loads. To combat this, you should try uninstalling and deleting all unnecessary modules that you have in your setup. This can quite often lead to a nice speedup! Don’t forget that custom tags that are installed can slowdown page loads and also unused translations…

In the meantime, there is also a tag available which replaces the current content tag with ccontent. This caches the content and has resulted in a nice speedup on the sites I have tested it on. Thanks to cyberman for this! To download the cache tags, please goto http://dev.cmsmadesimple.org/projects/cache/ Bear in mind that you will have to alter the template and/or stylesheet that your site uses to make the cache tags work!

Right then, till the release of 2.0, bear these points in mind to keep your site nice and responsive…

Regards

Ade (3dcandy)

Bookmark to: