[Qgis-community-team] joomla-version

Otto Dassau otto.dassau at gmx.de
Wed Jun 4 03:26:42 EDT 2008


Hi Tim and Thomas,

On Wed, 04 Jun 2008 08:55:22 +0200
Thomas Becker <thomasgeo at gmx.de> wrote:

> Hi Tim,
> 
> reading the last email from Otto I got the same feeling. It sounds to me 
> like the content will be static and this would (as you already said) 
> simplify the whole thing when it comes to security.

for the moment we plan to simplify the web presence, whatever this finally
means. I guess Stephan has a plan or some ideas in mind and I don't know if a
static solution can cover it. Talking about a simple solution for me doesn't
inevitably mean this simple. And

Beside this I think of the future, when we want to find volunteers to look
after various sections of the qgis.web. And here I would also vote for joomla,
because it is very simple, even without html/php/... knowledge it is no problem
to work actively within the userfriendly joomla environment.

Putting the static web pages into svn would be nice, but I use joomla now for
some years and never missed to go back to a certain revision, so for me svn is
not really necessary. We should definitely find a secure daily backup solution
maybe regular mysql backups [e.g. 1] and rsync it daily together with the joomla
environment to another server. I guess this is what Tim already used all the
time.

[1] http://sourceforge.net/projects/automysqlbackup/

regards,
 Otto
  
> Regards
> 
> Thomas
> 
> Tim Sutton schrieb:
> > Hi Folks
> > 
> > I was sitting here thinking about the 1.0 vs 1.5 debate and the fact
> > that we are heading for a much simplified web site, and was wondering
> > if we should not consider just making the site statically (just using
> > html and css)? Since a CMS is more suited to a continually updated web
> > site, there may be some advantges to just using 'plain old html and
> > css' to do it. For one thing we could structure the web site like:
> > 
> > qgis.org
> > qgis.org/de
> > etc
> > 
> > each folder could contain a mirror, just translated. Also we could
> > keep the whole thing in SVN which would add the advantages of a good
> > version control system. Also we wont need to worry about sql injection
> > etc attacks. Another advantage is that we could mirror the different
> > languages onto different servers or mirror the whole site easily
> > around different servers.
> > 
> > Its just a thought anyway...
> > 
> > 
> > Regards
> > 
> > Tim
> > 
> > 2008/6/3 Otto Dassau <otto.dassau at gmx.de>:
> >> Hi Thomas,
> >>
> >> On Tue, 03 Jun 2008 10:26:52 +0200
> >> Thomas Becker <thomasgeo at gmx.de> wrote:
> >>
> >>> Hi Otto and Stephan,
> >>>
> >>> I am quite new to the community and have no background on the decisions
> >>> made to use Joomla as the CMS for the web page. Personally I started to
> >>> use Joomla 1.0 some what two years ago and everything went fine until
> >>> the page got hacked due to a lack of security in a gallery module.
> >>>
> >>> As far as I know you will highly run into problems if you want to have a
> >>> flashy page. But thats something I doubt! Joomla 1.0 and 1.5 as well
> >>> coming with many possibilities to present the content in a nice way.
> >>>
> >>> According to the security I was reading a lot in the community pages and
> >>> it always comes down to a well established htaccess file. Everything
> >>> related to third party modules is your risk.
> >>>
> >>> Although I really like Joomla, have you ever been thinking about using
> >>> Typo3? I know it takes more resources at the surfer side but this is
> >>> secure. I don't know how they managed to do this but they have a check
> >>> system running and separate trusted and non-trusted extensions.
> >> Typo3 is a very powerful as far as I know, but our web team is experienced
in
> >> using joomla so it doesn't make sense to switch to another CMS, especially
> >> because we also made good experiences with joomla so there is no need to
> >> for change AFAICS.
> >>
> >>> When I was talking with the Joomla community about a system like this,
> >>> they have becoming mad. It takes to much effort to establish a system
> >>> like this and who should check all the code...
> >>>
> >>> On the other hand somehow it must work, when you see who is using Joomla:
> >>>
> >>> * Belgian Locale Police
> >>> * United Nations Regional Information Centre
> >>>
> >>> and so on.
> >>>
> >>> Question is also multi language support of the web page. Are you
> >>> intended to do so?
> >> This is a good question, I was also thinking about that and would vote for
it,
> >> because the new web presence is going to present only clear and limited
> >> information that won't change every week. Therefore it would be great to
have at
> >> least the oportunity to translate these texts in different languages...
what do
> >> others think about that?
> >>
> >>> I have been talking with the Joomla guys on the Linux Tag in Berlin some
> >>> days ago and they have been pointing me on a new component called Nooku
> >>> which is highly integrated into the Joomla 1.5 framework. Nevertheless
> >>> multilanguage support is also part of Typo3
> >> I have made good experiences with joomfish, it works on 1.0 without any
> >> problems. nooku seems to be the alternative for 1.5 - right?
> >>
> >>> However, if the decision is made for Joomla I would like to offer you
> >>> some of my time to support you. I am not so familiar in building
> >>> templates or adjust them either in Joomla or Typo, but I am working
> >>> already quite some time as an author on both systems.
> >> great Thomas, thanks a lot for your offer and I am sure we will find some
tasks
> >> for you :-). BTW - maybe you haven't read the recent mails about the qgis
> >> documentation. We would also need some volunteers to update the manual
sections
> >> according to some just define style conventions by Tara. And because I know
you
> >> work with latex this might be interesting for you as well?
> >>
> >> please have a look at the archive:
> >> http://lists.osgeo.org/pipermail/qgis-community-team/2008-June/000105.html
> >>
> >> best regards,
> >>  Otto
> >>
> >>> Cheers, Thomas
> >>>
> >>> Otto Dassau schrieb:
> >>>> Hi (Stephan),
> >>>>
> >>>> I just found that we (probably) get in trouble using joomla 1.5, because
the
> >>>> "new" server only provides PHP 5.0.4 and this causes various problems as
far
> >>>> as I found on several web pages.
> >>>>
> >>>> e.g.: The joomla 1.5 installation guide says: "Do not use PHP 4.3.9, PHP
> >>>> 4.4.2 or PHP 5.0.4" -> http://help.joomla.org/content/view/1938/310/
> >>>>
> >>>> For joomla 1.0 everything seems to be fine. As far as I found out the
server
> >> is
> >>>> a fedora core 4, php 5.0.4, mysql 4.1.20. This is like joomla 1.0 not new
> >> but
> >>>> stable, so it might fit very well? ;-).
> >>>>
> >>>> So if you don't mind too much, I would propose to use latest 1.0 version
for
> >> the
> >>>> web pages, because this would be secure, cause less work and probably
> >> trouble,
> >>>> especially because there are other projects (GRASS,GDAL,...) using the
> >>>> ressources, too.
> >>>>
> >>>> If you agree (especially Stephan), I would be happy and can start to
prepair
> >>>> everything :). Otherwise I can of course contact the SAC and try to find
> >> another
> >>>> solution. But they already told me, that thei support for our server is
> >> pretty
> >>>> limited and small from their side.
> >>>>
> >>>> kind regards,
> >>>>  Otto
> >>>>
> >>>> On Mon, 02 Jun 2008 23:57:08 +0200
> >>>> Stephan Reber <stephan.reber at sr-gis.de> wrote:
> >>>>
> >>>>> Hi,
> >>>>>
> >>>>> I have searched for information about the two joomla versions. The main
> >>>>> security problems of joomla in general are extensions and wrong
> >>>>> settings. This is indepedant from the used version. Here is a overview
> >>>>> of the points about security and the support I found.
> >>>>>
> >>>>> Joomla1.0:
> >>>>>
> >>>>>     * long time experience with security problems
> >>>>>     * stable
> >>>>>     * many extensions with experience about their security
> >>>>>     * only security patches for a certain time (depends on how long 1.0
> >>>>>       is widely used, there isn't a deadline yet)
> >>>>>     * there is no update to newer versions of PHP and MySQL in the
future
> >>>>>
> >>>>> Jooma1.5
> >>>>>
> >>>>>     * new security architecture (short time experience)
> >>>>>     * stable
> >>>>>     * fewer extensions (unsecure?)
> >>>>>     * support for a longer time
> >>>>>     * PHP5 works good, PHP4 may cause some problems (performance,
> >> stability)
> >>>>>     * there will be support of newer versions of PHP and MySQL
> >>>>>     * with the update to 1.6 (in the last quarter of 2008) there will be
> >>>>>       a access control list and only support of PHP5.2+.
> >>>>>
> >>>>> I hope, this will help us with the decision. I tried to be neutral,
> >>>>> though I argumented for the newer version in my last emails. But it is
> >>>>> not so important for me which version we use, as long as the website
> >>>>> works fine.
> >>>>>
> >>>>> Regards
> >>>>> Stephan
> >>>>>
> >>>>>
> >>>>> _______________________________________________
> >>>>> Qgis-community-team mailing list
> >>>>> Qgis-community-team at lists.osgeo.org
> >>>>> http://lists.osgeo.org/mailman/listinfo/qgis-community-team
> >>>> _______________________________________________
> >>>> Qgis-community-team mailing list
> >>>> Qgis-community-team at lists.osgeo.org
> >>>> http://lists.osgeo.org/mailman/listinfo/qgis-community-team
> >>>>
> >> _______________________________________________
> >> Qgis-community-team mailing list
> >> Qgis-community-team at lists.osgeo.org
> >> http://lists.osgeo.org/mailman/listinfo/qgis-community-team
> >>
> > 
> > 
> > 
> 


More information about the Qgis-community-team mailing list