CMS Change of the ✛ΔO Web Portal
Friday, 15 March 2013
After two years in the making, the organization released its new offline Web Content Management System, named
»LXCMS«. That system is part of the organization's recent strategy to improve its overall system security,
in the wake of increased world-wide threats to cyber as well as information security.
The new system is set to improve the situation in the area of content delivery, though Joomla! SE was our trusted wCMS software in operation for a long time [1]. However the underlying Joomla! was always developed for the masses to fit their unspecific needs. Additionally Joomla! was always licensed under the GNU/GPL, unlike our new LXCMS which was put under our much simpler LTDL 2010. With Joomla! SE we could not have done the same thing for obvious legal reasons.
Also Joomla may have been easy to install and upgrade, but was time-consuming to administer in later stages of use [2]. The Joomla core itself was reliable indeed and so was the core of our wCMS Joomla! SE. Further developments though required our systems engineers to acquire a deeper knowledge of the software's code base [3]. Unfortunately development was never optional but explicitly mandatory, since new features and security enhancements had to be ported back to our advantage and our security.
In 2013 we decided to shut down Joomla! SE, as a part of our organizations strategy to security enhance every system and therefore every piece of software used in day to day operations [4]. The content from Joomla! SE was exported as static HTML and all MySQL databases and PHP parsers were shut down and purged from the systems entirely. LXCMS is being operated on our build systems to generate content for static site export to our web servers. The present portal minor version was also increased to reflect our endeavor in code/markup, content and design improvements.
The new system is set to improve the situation in the area of content delivery, though Joomla! SE was our trusted wCMS software in operation for a long time [1]. However the underlying Joomla! was always developed for the masses to fit their unspecific needs. Additionally Joomla! was always licensed under the GNU/GPL, unlike our new LXCMS which was put under our much simpler LTDL 2010. With Joomla! SE we could not have done the same thing for obvious legal reasons.
Also Joomla may have been easy to install and upgrade, but was time-consuming to administer in later stages of use [2]. The Joomla core itself was reliable indeed and so was the core of our wCMS Joomla! SE. Further developments though required our systems engineers to acquire a deeper knowledge of the software's code base [3]. Unfortunately development was never optional but explicitly mandatory, since new features and security enhancements had to be ported back to our advantage and our security.
In 2013 we decided to shut down Joomla! SE, as a part of our organizations strategy to security enhance every system and therefore every piece of software used in day to day operations [4]. The content from Joomla! SE was exported as static HTML and all MySQL databases and PHP parsers were shut down and purged from the systems entirely. LXCMS is being operated on our build systems to generate content for static site export to our web servers. The present portal minor version was also increased to reflect our endeavor in code/markup, content and design improvements.
Joomla! SE v1.2 problems:
LXCMS v1.1 new features:
- Completely MySQL database driven site engine with no alternatives to it like files
- Browser or FTP upload of content to our own library for use anywhere on the site
- Dynamic Forum/Poll/Voting booth for on-the-spot results and JS/ECMAScript in forms
- Runs on GNU/Linux, FreeBSD, MacOS X server, Solaris and AIX, req. PHP interpreter
- Author submission module for news, articles, FAQs or links, but no versioning here
- Automatic path-finder for media placement which works differently from the rest
- Custom page/site modules can be downloaded and installed to "spice" up ones site
- A system like Joomfish! had to be integrated to reflect different content constraints
- Customized themes, that must be accessible and valid but, were often times invalid
- Restructured archives based on RBAC permission system but no MAC or OS ACLs
- Multi-editor environment installation required to satisfy web-pros and beginners
- JoomSEF used to make content-search easier but added another layer of complexity
- 5000+ lines of .htaccess included to filter spam-bots and injections on server level
- Back-end thoroughly secured with anti-DOS/Inject/etc., encryption and db hardening
LXCMS v1.1 new features:
- Runs with flat files which can be distributed, filled w/ content and backed up easily
- No classic front-end & back-end required, only shell scripts and versioning system
- Forms e.g. for polls are now unnecessary and therefore removed incl. ECMAScripts
- Runs on all web servers that support SSI/mod-include and that can serve HTML files
- Content submission v/ TLS secured channels either by copy&paste or ver. system
- Uniform system for links with SSI which is always the same within the whole code
- No modules like in other CMS systems which have the potential for total compromise
- No translation engine req'd since everything works out of the box now with flat files
- The theme is deployed via one central HTML and one CSS file with compliant markup
- RBAC is the minimum req'd on the server and no ACL is required within the CMS core
- No editor environment is installed since authors handle things locally to write markup
- No SEF core req. which dramatically reduces problems with indexing and changes
- Most .htaccess information specific to Joomla! SE was replaced by generic content
- The CMS system generates static HTML and demands no hardening/enhancements
The outline above considered, we at TRON-DELTA.ORG think that LXCMS will successfully fulfill our requirements for
the representation of our organization as well as the publication of news articles, intelligence reports and
project-related information [5].
References:
- ↟ "TRON-DELTA.ORG - Projects: ✛ΔO LXCMS"↗. TRON-DELTA.ORG (NGO). Retrieved 01 April 2015.
- ↟ "Joomla! Documentation™: Upgrading Versions"↗. Open Source Matters, Inc. / Joomla! Documentation™. Retrieved 01 April 2015.
- ↟ "GitHub: Joomla! (Sources)"↗. GitHub, Inc. / Open Source Matters, Inc. Retrieved 01 April 2015.
- ↟ "TDO:ADM: Cyber Security Policy 2013"↗. TRON-DELTA.ORG (NGO) / PASTEBIN | #1 paste tool since 2002. Retrieved 01 April 2015.
- ↟ "TRON-DELTA.ORG - Twitter Account [25 March 2015]"↗. TRON-DELTA.ORG (NGO) / Twitter, Inc. Retrieved 01 April 2015.
Last Updated (Wednesday, 01 April 2015)