On quite a few occasions fellow developers ask me which is the best way to get started with Joomla! development. Among other things, I always propose that they should have a complete reference of the Joomla! Framework API. The only book which was up to this task was “Mastering Joomla! 1.5 Extension and Framework Development”, albeit a bit outdated since it was written when Joomla! 1.5 was still in beta, some two and a half years ago. When Packt Publishing announced that they’d release the updated “Mastering Joomla! 1.5 Extension and Framework Development (Update)” I was ecstatic! So, here you go, I reviewed the new edition of the book and I’m willing to share my experience with you.
Like all of you, I just found out that the upcoming Joomla! World Conference in Melbourne was postponed due to… a rain forecast?! I understand that this is a figure of speech (OK, I’m Greek, I’m not stupid). The “rain” is used metaphorically and this is exactly why I tweeted yesterday that “It takes more than a website and a joomla.org announcement to organize a world conference. It requires COMMUNITY involvement”. Some people mistook my tweet as a bad take on the Australian and Asian Joomla! Community and the event’s organizers, implying that they’re incapable, or unimportant, or something like that. On the contrary! This is why I am writing this blog post.
Unless you live under a rock, you already know that for the past three days J and Beyond 2010 has been taking place in Wiesbaden, Germany. The fact that it was the first international Joomla! event was further stressed as it was organized (impeccably!) by the community, for the community. It has been an amazing experience and – certainly – the best three days of my Joomla! life.
For everyone who has read the latest Joomla! Developer Working Group notes, there is one thing which instantly became apparent: Joomla! is like a patient on life support.
As I’ve written in the recent past, one of the most challenging endeavours for anyone experienced in Joomla! is trying to disseminate his own knowledge of the CMS to a complete newbie. Being a developer – instead of a tutor – puts me in an impossible position, as my understanding of the system is registered within me in a way that’s impossible to transfer to a non-developer. Well, unless he’s in for a steep learning curve and awkward tech-talk. Thankfully, there’s Packt Publishing’s new book, “Joomla! 1.5 Beginner’s Guide”, written by Eric Tiggeler. As promised, this is the full review of the book!
Don’t miss the raffle at the end of the article!
As you all know, every new Joomla! installation comes with a Super Administrator account with a well-known user ID: 62. Nobody really knows for sure why 62 was chosen, but this can lead to your site’s security being compromised. Why? It is a very well-known value, and potential hackers can take advantage of it in conjunction with another vulnerability to take control of your site. Known constants are a security nightmare, as made clear in the case of the attack against Joomla! 1.5.5, which caused a lot of sites to be compromised because the researcher who found the vulnerability released it to the general public before the Joomla! team had a chance to fix it.
One easy workaround is to demote this well-known user account down to the Registered level and block it, leaving potential hackers hung out to dry. However, in order to complete our security modification we do need another Super Administrator. The problem is that if you just create a new user, his ID will be 63, which is not secure at all; it’s a hacker’s next best bet. So, we need a way to create a Super Administrator with a random ID, preferably in the 1-61 range, which is otherwise unused in Joomla!. This is what we are going to do, folks, without even using phpMyAdmin for the task.
Note: You will be modifying your site’s database. Even though the following procedure is well-tested, it’s best to practice it on a local testing server first.
Whenever I say to a circle of friends that I am a Joomla! developer, the dreaded question always pops up: “Hey, I’ve heard that this Joomla! thing is good, can you help me build my own site?”. This usually makes me frown because a. the person who asks is a complete newbie to Joomla! and/or web sites and b. they don’t want to hire a web developer – like me, for example – to build their site. If I respond positively to such an inquiry I will end up building a site, explaining step-by-step how I do that, do a lot of training and not get paid for my time (no, buying me a coffee doesn’t make up for 80 hours of lost time, sorry). If I respond negatively I am usually accused of elitism, or even confronted with the equally dreaded “Oh, come on, you’ll just teach me the basics, I don’t want to steal your job”. Awh… What can anyone do in such an awkward situation?
If you have ever been a regular of the Joomla! forums you have most certainly come across a frustrated post from a panicked user whose site has been hacked. The truth is all web applications suffer from the same phenomenon, not because they are insecure by nature, but because most people don’t have the slightest clue about what they are supposed to do to protect their site. Security isn’t all that hard, but it isn’t all that straightforward, either. It’s a bit like contraception. It’s necessary, but no method is bulletproof. As a result, this article is not meant to be a complete guide to Joomla! security, but – very much like the Joomla! Security Checklist – it is just a set of guidelines you can easily follow, for that extra peace of mind.
This article was originally written in December with the intent of being volunteered to the Joomla Community Magazine. Three months down the road and things are still stagnating for JCM, mostly due to the unavailability of volunteers. I decided to post this article on my site for two reasons. First being, it would become irrelevant by the time JCM would finally be online. The second – and most important – being a call for volunteers. Joomla! needs you. Please, give some of your time to be part of this. Thank you!
This is an excerpt of my guest blog entry on osSupportDesk’s blog. There’s a link to the full article below.
A few months ago I presented one way of automatically assigning subdomains on a local testing web server, without having to edit your httpd.conf file all the time. For those who haven’t been following this blog, I’m talking about my “Holy Grail of local web development servers” article, achieving subdomain names in the format myapp.local.web by simply creating the folder myapp on your local web server’s root. Even though the solution presented last time was elegant, it lacked that supernatural touch of a really great solution. I could never quite stomach those ugly URL rewriting rules. So, here it is: we revisit this issue and improve the solution!