Drake CMS Official Forums - read-only archive

You are reading the Drake CMS Official Forums archive, available for historical purposes only.

Drake CMS has been rebranded into Lanius CMS, visit the new Lanius CMS Official Forums if you need support about Lanius CMS or Drake CMS -> Lanius CMS migration.



 
 
Author Message:
legolas558
Usage tips
14 January 2008 13:36
== Usage tips

= Security

Use the access and edit groups to limit the authorizations of your users. Test the usability of your website impersonating test users for each group.
Make weekly full tarball backups and move them off-site on a monthly basis.
Use strong passwords and do not give away the password of your Manager or Administrator user!
Update your software.
Use protected downloads to prevent leechers.
Look in the logs.
Do not use HTTP Basic Authentication, prefer Digest Authentication.
Check that nobody can access your config.php or your flatfile database files.

= Accessibility

Update the keywords and description of your content items after changes.
Do not use javascript trickery to allow access to certain parts of the website.
Test your webpages with Internet Explorer, Firefox and Opera.
Test all the components and features you use.

= Performance

Do not use the embedded statistics or any other PHP statistics, use the webserver statistics.
Prefer MySQL or any other server DBMS over SQLite or worse Gladius DB.
Use a PHP code cache.
Enable output compression to save bandwidth.
Do not retrieve URLs from the server when serving any page (like with URL fopen() calls).
Disable magic quotes!
 
awrog
Re: Usage tips
16 January 2008 10:02
Good tips.

Quote:
Check that nobody can access your config.php or your flatfile database files

Question: what to do to achieve maximum security?

Quote:
Prefer MySQL or any other server DBMS over SQLite or worse Gladius DB

I have to disagree ;) The Gladius database is quite 'up to the job'!
I have no problems with the performance whatsoever. If you are experiencing performance problems, it might well be that other factors are causing the problems (bad configuration, overloaded servers, etc.)
The only drawback for Gladius is its lack of an administrative tool. Perhaps that will change in the future.

AWRog
 
legolas558
Re: Usage tips
16 January 2008 11:10
Quote by awrog:

Quote:
Check that nobody can access your config.php or your flatfile database files

Question: what to do to achieve maximum security?


Depends on the users who access your system.

On a properly configured UNIX system you would do a:
Code:

chown apache:apache private/config.php
chmod go-rwx private/config.php


The above would allow only apache to access the config.php file.

Quote:

Quote:
Prefer MySQL or any other server DBMS over SQLite or worse Gladius DB

I have to disagree ;) The Gladius database is quite 'up to the job'!


It's not about agreeing or not, it's from the technical point of view (and I have written each line of Gladius DB): Gladius DB cannot scale well by design, when you reach a certain amount of records (we talk about thousands here) it will be slow (unless all PHP file opens are mapped). The slowest part will be the file write, I guess. However, I don't have any benchmark about it.

Quote:

I have no problems with the performance whatsoever. If you are experiencing performance problems, it might well be that other factors are causing the problems (bad configuration, overloaded servers, etc.)


I am not saying that Gladius DB is slow. I have written it and, trust me, all possible optimizations are in place. Only a superficial reader would say that I am suggesting not to use Gladius DB.
As said previously, Gladius DB performance depends on the number of records, and that's not scalability. I know it's meaningless for the average user, but Drake CMS is for average and professional users! :)
Quote:

The only drawback for Gladius is its lack of an administrative tool. Perhaps that will change in the future.

Gladius DB is a DB engine, administrative user interfaces are not part of database engines (like PHPMyAdmin is not part of MySQL).
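An added example, not part of the original thread and not Drake CMS code: a shell function that checks whether files such as private/config.php or the flatfile database files are in the state the chown/chmod commands above produce. The function name is hypothetical, and it assumes GNU stat (Linux) is available.

```shell
#!/bin/sh
# Audit that sensitive CMS files are owned by the web server account and
# carry no group/other permission bits (the state left by
# "chown apache:apache" followed by "chmod go-rwx").
# Usage: audit_private_files OWNER FILE...
#   e.g. audit_private_files apache private/config.php
# Prints one line per problem; returns 0 only if every file passes.
# audit_private_files is a hypothetical helper name; GNU stat is assumed.
audit_private_files() {
    expected_owner=$1
    shift
    status=0
    for f in "$@"; do
        # A missing file (or dangling symlink) is reported, not silently skipped.
        if [ ! -e "$f" ]; then
            echo "MISSING  $f"
            status=1
            continue
        fi
        # -L follows symlinks so the real target is checked.
        # %U = owner name, %a = octal mode (e.g. 600).
        owner=$(stat -L -c '%U' "$f")
        mode=$(stat -L -c '%a' "$f")
        if [ "$owner" != "$expected_owner" ]; then
            echo "OWNER    $f is owned by $owner, expected $expected_owner"
            status=1
        fi
        # The leading 0 makes the shell read the mode as octal; any bit in
        # the low six permission bits means group or other access is granted.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "MODE     $f is $mode, group/other bits are set"
            status=1
        fi
    done
    return $status
}
```

This only covers local filesystem access; whether the same files can be fetched through the web server is a separate check.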
 