View all essays

Mayday Mayday

Control that

The Nope Checklist:

  • Joomla
  • WordPress
  • Drupal
Okay, but what I'm supposed to use if I want to avoid the most popular Content Management Systems? These popular CMS are very nice. With a lot of fancy features which help us to set up a professional and nice looking website in 1 2 3. But you know, fancy features open the door for fancy bugs and holes. Security flaws, vulnerabilities...
The core of theses CMS are most of the time secure. Well, I exclude user errors, misconfigurations. But running a bare minimal CMS is not so fancy and very limiting. People, visitors like to see fancy stuff, me too. So to pass that barrier, we install fancy add-ons and template frameworks. Without knowing what is going on in the background. But then the real issue start to happen if we are not very careful. Because it is very difficult to follow up all vulnerabilities. For many of these add-ons, these vulnerabilities are not published, because they are not know. Some developers also opt for "Security By Obscurity", but that is very bad path to take.
Building up a CMS from scratch is very tedious, very risky too. Have done that in the past, a few actually in PHP, in Python and even more, but I should not tell to much. And all that, takes ages and requires a lot of resources. I also request serious expertise in various domains. That's team work, because alone, you can not have all these needed expertise. In other words, that cost a lot of money. Because people do not work for free. For fame, yes!
Maybe I should jump back to a static HTML website. Without JavaScript. OMG, I can not even imagine that.