⤫ Kununu Ե Twitter ⴳ  Flattr
 
 
CMS-Wechsel des ✛ΔO Webportals
Freitag, 15. März 2013
Eine Übersetzung für diesen Text ist nicht verfügbar.  Bitte wählen Sie die englische Version.
After two years in the making, the organization released its new offline Web Content Management System, named »LXCMS«. That system is part of the organization's recent strategy to improve its overall system security, in the wake of increased world-wide threats to cyber as well as information security.

The new system is set to improve the situation in the area of content delivery, though Joomla! SE was our trusted wCMS software in operation for a long time [1]. However the underlying Joomla! was always developed for the masses to fit their unspecific needs. Additionally Joomla! was always licensed under the GNU/GPL, unlike our new LXCMS which was put under our much simpler LTDL 2010. With Joomla! SE we could not have done the same thing for obvious legal reasons.

Also Joomla may have been easy to install and upgrade, but was time-consuming to administer in later stages of use [2]. The Joomla core itself was reliable indeed and so was the core of our wCMS Joomla! SE. Further developments though required our systems engineers to acquire a deeper knowledge of the software's code base [3]. Unfortunately development was never optional but explicitly mandatory, since new features and security enhancements had to be ported back to our advantage and our security.

In 2013 we decided to shut down Joomla! SE, as a part of our organizations strategy to security enhance every system and therefore every piece of software used in day to day operations [4]. The content from Joomla! SE was exported as static HTML and all MySQL databases and PHP parsers were shut down and purged from the systems entirely. LXCMS is being operated on our build systems to generate content for static site export to our web servers. The present portal minor version was also increased to reflect our endeavor in code/markup, content and design improvements.
 
Joomla! SE v1.2 problems:

  • Completely  MySQL  database  driven  site  engine  with  no  alternatives to  it like  files
  • Browser  or  FTP  upload  of  content  to  our  own library for  use  anywhere  on  the  site
  • Dynamic Forum/Poll/Voting booth for on-the-spot results and JS/ECMAScript in forms
  • Runs on GNU/Linux, FreeBSD, MacOS X server,  Solaris and AIX, req. PHP interpreter
  • Author  submission module for news,  articles,  FAQs or links, but no   versioning here
  • Automatic   path-finder   for  media   placement  which  works   differently   from  the  rest
  • Custom  page/site modules can be downloaded and installed to "spice" up ones site
  • A system  like  Joomfish!  had to be  integrated to  reflect different   content  constraints
  • Customized themes,  that must be accessible and valid but,  were often times  invalid
  • Restructured  archives  based on  RBAC permission  system but no MAC or OS  ACLs
  • Multi-editor   environment  installation  required   to   satisfy    web-pros   and beginners
  • JoomSEF  used to make content-search easier but added another layer of complexity
  • 5000+  lines of .htaccess  included to filter  spam-bots and  injections  on  server  level
  • Back-end  thoroughly secured  with  anti-DOS/Inject/etc., encryption and db  hardening

LXCMS v1.1 new features:

  • Runs  with  flat files  which can be  distributed, filled  w/ content and  backed  up  easily
  • No classic  front-end & back-end  required,  only  shell  scripts and  versioning system
  • Forms e.g. for  polls are  now unnecessary  and therefore  removed incl. ECMAScripts
  • Runs on all web servers  that support SSI/mod-include and that can serve HTML files
  • Content  submission  v/ TLS  secured  channels  either by  copy&paste  or  ver.  system
  • Uniform  system for  links with  SSI which is  always the same  within  the  whole  code
  • No modules like in other CMS systems which have the potential for total compromise
  • No  translation  engine req'd since  everything works  out of the  box now  with  flat  files
  • The theme is deployed via one central HTML and one CSS file with compliant markup
  • RBAC is the minimum req'd on the server and no ACL is required within the CMS core
  • No editor environment is installed since authors handle things locally to write markup
  • No  SEF  core req.  which dramatically  reduces  problems with indexing  and changes
  • Most .htaccess  information  specific to  Joomla! SE was replaced by   generic content
  • The CMS system generates static HTML and demands no hardening/enhancements
 
The outline above considered, we at TRON-DELTA.ORG think that LXCMS will successfully fulfill our requirements for the representation of our organization as well as the publication of news articles, intelligence reports and project-related information [5].
 
References:
Zuletzt aktualisiert (Mittwoch, 1. April 2015)
 
 
Folding@Home
 

DOKUMENTZEIT

  2017-04-24  ☀  16:00 UTC

CYBER THREATCON

  ✛ΔO CYBER THREATCON: Level BETA

SICHERHEITSMODUL

  ᐅ REQUESTOR / YOU
  ᐊ 1&1 INTR. AG  CDN

ABSTIMMUNG

Sollte ✛ΔO Ā»counter- intelligenceĀ« anwenden?
⚫ Ja, es gibt Bedarf für solche Operationen.
⚫ Nein, denn dies zu tun ist zu risikoreich.

BOOKMARK

Via Cmd oder Strg + D
Via Cmd oder Strg + D

STATISTIK

  Besucher: 618.250+ ℮

KAMPAGNEN

  25 Jahre Linux

TECHNOLOGIE

STADTWAPPEN

  Code Of Arms: Frankfurt

BETRIEBSSTATUS

  Anlage: Offen und in Betrieb
 
©  2003 - 2017   TRON-DELTA.ORG  (NGO)   –   Nongovernmental  Intelligence  Organization
Portal v5.04.050 R 1 mit ✛ΔO LXCMS v1.1