As a Joomla! developer I often find myself providing support to users of my software. Sometimes, despite my best intentions, I hit a stone wall: a server setting is amiss. In this case I explain to my users what the problem is and ask them to contact their host to rectify it. One of the most irritating situations I've found myself dealing with is when a host replies "we can't do this for security reasons". I would generally accept that, if only the host actually knew what they're talking about. And, yes, I am specifically talking about the fopen URL wrappers and the fact that they are stupidly disabled on many hosts.
There is a very common misconception that moving configuration.php outside of your Joomla! root somehow makes your site more secure. It’s so common that you can even find instructions on the Joomla! documentation wiki. Let’s separate the myth from the facts and let’s see why this “security” advice may not be as secure as one might think.
You may remember that two years ago I reviewed a great book about Joomla! 1.5 written by Eric Tiggeler. Fast forward two years. Joomla! has come up with a great new stable release, Joomla! 2.5. The need for disseminating the knowledge of the CMS to newcomers – or returning users of previous releases – is higher than ever, with Joomla! already powering almost 3% of all Internet sites out there. Eric has once more picked up the task and done a great job with his new book, "Joomla! 2.5: Beginner's Guide", available from Packt Publishing.
This is a user-submitted French translation of my "777: The number of the beast" blog post. Please do not post questions in the comments in French. My French is very rusty :)
I promise you, this article has nothing to do with religion; it is about web site security. The demon I mention refers to opening a potential door that lets hackers compromise your site. This article is long, but I promise you will learn things you never imagined. Let's shed light on the mystery of the number 777 and slay the demon!
This is a question I have been asked too many times ever since I announced I would be refactoring the component to not use Nooku anymore. Well, it all boils down to stability and compatibility of the framework. And it's finally time to write down everything I have in my mind and promised to put in a blog post many times during the last three weeks.