Works as designed, but not necessarily as expected...

(for those non-Australian's out there, translate to; “Gee... It didn't do what I thought it would...")

Written by Russell Winter

Australia

Well, if any of you have seen some of my posts in the forum, you know that when I get on a roll, man. I can post some dooozies... So the plan is to deliver a series of articles in collaboration with a number of other Joomla! experts and well-known characters that relate to Site Planning, Integrity, Security and Maintenance over the coming months. For some of you, these might be a little basic, while others might find them to be worth the time spent reading them, we hope it will be the latter.

By way of an introduction for those that might not know me and to re-acquaint myself with those that do. I am Russ Winter, I live in Melbourne, Australia and have been around Joomla! for a couple of years now, you can commonly find me in the forums under the name of RussW. I tend to hangout in the Installation and Security forums mostly, but have been known to peruse the rest of the forums on occasion, I am probably best know for my odd sense of humour but can occasionally post something useful. I have most been recently been involved with the development of the Joomla! Tools Suite project and have been fortunate enough to also have been invited to join the newly formed Joomla! Security Strike Team (JSST).

Security, Integrity and Maintenance is an absolutely huge topic and is easily one of the biggest mine fields for new hands and experienced community members alike, over the coming months I will endeavour, with the help of many of the Joomla! experts and well known characters, to dispel some of the misunderstandings and urban myths, whilst also trying to simplify some of the hype and complexities of the topic.

 

Topics that are currently on the list to be covered are:

  • Joomla! Site planning and preparation
  • The meaning of “writable”
  • Common hosting provider configurations
  • Unix permissions and ownership issues
  • Backup and recovery best practices
  • Site lock down techniques and methods
  • Joomla! maintenance and upgrades procedures
  • Third party tools and utilities to assist the cause

and along the way.... why Australia is just so kewl...

 

The folks of the Joomla! Community Magazine and the JSST are looking forward to delivering this series of articles to you and hope you will find them useful and informative over the period.

Catch you in the forums

RussW


1244 Votes

29 Comments

Feed
  1. I am running 2 websites on Joomla and I would like to see that every component programmer is obligated to explain Unix permissions and ownership issues. I can secure a Joomla website but some components are offering security risks. :(
  2. This looks good, Russ. There is one area where I feel Joomlah! needs to grow some more: the management side of CMS. In other words, managing the CMS as a whole, and not just its content.

    A case in point is user management. Any serious site with lots of users needs to be able to migrate these users between instances (dev, test, production, with subsets of the users if required), and also maintain the data across upgrades. Searching for this in Google or the forums is an exercise in frustration: there are many articles available on hosts of other topics, but this one seems to be brushed aside.

    If you already have something like this, or know where to find it, a pointer would be greatly appreciated.
  3. I'm pretty much discussion on the Internet about these issues. Key to stay with us .. those who seek. need to know what to choose
  4. Hi Russ,

    Sounds fantastic! I spend a LOT of time teaching my clients all the things you have mentioned and I suppose as a long time user of the various permentations from Mambo to Joomla 1.0 and then 1.5 I suppose I find Joomla 1.5 a little lacking sometimes in its usability (sometimes it is TOO simple) and there is not enough distinguishing between the administration and the CMS side of things. i.e. the majority of my commercial clients require a CMS but then also want all the whistles and bells.
    The old components/module seperation was very handy as it made the widgets a lot more obvious and often hid the more breakable modules! (Thats a benefit not a negative)

    I am looking forward to your articles and may even feed it to my site to help my clients!

    I also agree wholely with what publicitate said - data packaging and migration across local directory/JSAS (WAMP) and then onto the server requires a real knowledge and removes some of the simplicity that newer users might require. (Including some new admins)

    Well done so far!

    Kaety
  5. P.s. I am relieved I did not start migrating my clients to 1.5 until now as it appears versions 1.53-1.58 were as buggy as a certain mainstream operating system is when it is released ... i.e. dont use it until they have at least released SP1 or 2
    :)
  6. hi russ
    i`m from perú, i want to know more about your web site.
    please tell me
    thank you
  7. Joomla is an excellent tool and a great community for feedback and support.:-)
  8. I read the title and I tought: my Joomla site is not working as expected in many things. One of them is the lack of contextual things that would be nice they behave differently on each sections or categories of the site. I imagine a contact module that sends mails to different people depending on the page they are called. I am writing here but I'm surely going to ask on the forums to see if I am understanding everything. Writing components and modules is really powerful, and it's not that complicated if you have a good template.
  9. My partner and I are involved in some animal-friendly projects and work through a non-profit means. Reason #1 for choosing an open source project I guess.

    I am BRAND new to Joomla! but after researching the pros and cons of the CMS's available, we are going to choose Jommla! as being the CMS for replacing our site which is outdated having been online for many years now. However...

    We are on a UNIX Server. I take it this is going to be a hassle?

    I cannot access your phpbb forum here, it's not available and err's out, so I cannot reach the information I'd really like to to assure myself during the install process. There is no Install help/instructions in the zip or the main page I can see except links to the forum. Hopefully it gets fixed soon.

    I did notice that during some installs of other CGI scripts, permissions had be set lower than I would have liked for certain things to run. Just how open are these risks I am seeing talked about for a UNIX server platform?

    We'd been using YaBB but will switch to phpbb is this is suggested. Other than that I am looking forward to getting this project moving ahead and seeing the results! And OH yes, security is a HUGE priority as well, much agreed.
  10. I agree with others. Joomla is one of the best communities with great communication but it still need lots of improvement specially IMHO - in the Admin panel management. One has to have some bit of experience to be able to take full advantage of Joomla till now.
    What I am talking about is someone without any prior CMS experience to be able to use it to its fullest with just few hours self-tutorial on any platform.
    Hopefully that day is not too far. :)
  11. Look forward to this.

    Newbie looking to lock down dite before going live. Need to know chmod settings for ALL files and folders

    Joomla R E A L L Y rocks.

    2 months in and still going
  12. I glad to see that you intend to do this. I was looking for this kind of overview to be in the introduction to Joomla! I started using Joomla about one month ago and I am generally impressed with the project. Some things do concern me.

    1. It seems like there are a lot of unanswered posts. I wish I was an expert; I would spend some of them answering them.
    2. I had friends who lost their programming jobs over, “Works as designed not as expected”. It’s up there with, “Works on my box” and “I threw out those exceptions, because no one would ever get them ”
  13. Joomla is realy taking off here in South AFrica and I believe that the reason is the ability to create dynamic, secure community websites. Keep up the great work!8-)
  14. I am PATIENTLY waiting for this information. 8-)
  15. I'm very excited about your topic choices. These are subjects that can do the general Joomla! community a great deal of good.
  16. Hey Russel thanks for all the hard work!:-)

    I have worked on a few Joomla websites and for me the most important issues for a beginner to understand would be:
    Unix permissions and ownership issues and
    Backup and recovery best practices

    Site lock down techniques and methods would help people like me a great deal as we sometimes leave our site vulnerable though our eagerness to load just about every cool looking component.:-D
  17. I am developing a web site using joomla. It is a working site. Our client was concerned because she went to google and pulled up her working site by typing in the domain name. How do I lock it down from the public before it is made live?
  18. Great Post, Russe,
    Althrough i'm new BRAND new to Joomla but this really helped, gonna introduce them to my clients. expecting your further articles

    Well done, and really appreciated!!!!!!
  19. hi..how to create a website to joomla..could you pls help me.thank you..
  20. Carl, there's a community of people waiting to help. You might want to check out www.JoomlaIRC.com, it's a community of people chatting about Joomla!
  21. Great Post, Russe,
    Althrough i'm new BRAND new to Joomla but this really helped, gonna introduce them to my clients. expecting your further articles
  22. I am developing a web site using joomla. It is a working site. Our client was concerned because she went to google and pulled up her working site by typing in the domain name. How do I lock it down from the public before it is made live?
  23. RussW, very great posting. ;-)
  24. great posting. very good.
  25. Good article!

    Answer to Conni Little & Louis Vuitton sale,

    You can lock down the site in administration/global configuration. There is a site setting to put "site offline". If you check this option then no one can see the site until it is unlocked..
  26. Nice read, Thaks for all the information :)
  27. This article has been here for YEARS. Does no one write for the Joomla site anymore?
  28. hey i need help
  29. [code=html]My Site i have this site before in joomla but i shift in other cms as i m feeling of lack of security.

Add Comment


    • >:o
    • :-[
    • :'(
    • :-(
    • :-D
    • :-*
    • :-)
    • :P
    • :\
    • 8-)
    • ;-)