There is a very common misconception that moving configuration.php outside of your Joomla! root somehow makes your site more secure. It’s so common that you can even find instructions on the Joomla! documentation wiki. Let’s separate the myth from the facts and let’s see why this “security” advice may not be as secure as one might think.
You may remember that two years ago I reviewed a great book about Joomla! 1.5 written by Eric Tiggeler. Fast forward two years. Joomla! has come up with a great new stable release, Joomla! 2.5. The need for disseminating the knowledge of the CMS to newcomers –or returning users of previous releases– is higher than ever, with Joomla! already powering almost 3% of all Internet sites out there. Eric has once more picked up the task and done a great job with his new book, “Joomla! 2.5: Beginner’s Guide”, available from Packt Publishing.
This is a user-submitted French translation of my “777: The number of the beast” blog post. Please do not post questions in the comments in French. My French is very rusty 🙂
I promise you, this article has nothing to do with religion; it is about web site security. The demon I mention refers to opening a potential door that lets hackers compromise your site. This article is long, but I promise you will learn things you never imagined. Let’s shed light on the mystery of the number 777 and slay the demon!
This is a question I have been asked too many times ever since I announced I would be refactoring the component to not use Nooku anymore. Well, it all boils down to stability and compatibility of the framework. And it’s finally time to write down everything I have in my mind and promised to put on a blog post many times during the last three weeks.
As you all know, Joomla! 1.7 brought a major change in the direction of the project. The self-developed libraries upon which the Joomla! CMS is built are now spun off as a separate project, called Joomla! Platform. The goal of this split is to allow developers to build applications on the Joomla! Platform without having to install the Joomla! CMS and all the unnecessary cruft this brings with it. The vision is to have a standalone framework, much like Zend Framework, CakePHP, CodeIgniter or Symfony, with a twist. It will be equally easy to create a component for the Joomla! CMS, a standalone web application or a CLI (command-line) application without many changes in the source code or, at least, reusing big portions of it. A mighty, noble goal. Is it possible? Are we there yet? Is it worth it?
If you are into Joomla! extensions development you are undoubtedly familiar with the rule of index.html, that is the necessity to put a “blank page” index.html file in any and all directories containing PHP files. This habit is so ingrained in the mentality of Joomla! developers that it’s now dubbed a “security feature” and made a prerequisite to publishing your extension in the Joomla! Extensions Directory. The thing is, is it really a security feature or are we trying to solve the wrong problem?
As you already know, I am a big fan of Ryan Demmer’s JCE (Joomla! Content Editor). It’s the one and only editor installed on all of my sites. I am also a huge fan of Nuevvo/JoomlaWorks’ K2 CCK extension. It’s what powers this blog as well as pretty much every other site I have ever built and will ever build. Almost two years ago, I wrote a nifty AdvLink plugin which enabled JCE 1.5.x to link to K2 categories and articles. Now that JCE 2.0 is being released, that plugin has ceased to work. Guess what? I rewrote it and put it on steroids!
It’s mid-May now and we’re less than a month away from Joomla! 1.7’s release. As you may have already heard, Joomla! 1.7 is more or less the same as Joomla! 1.6 with a few additions for developers. With Joomla! 1.8, the next Long Term Support release, closing in, it is a good time to start considering the improvements in the new generation of the CMS and preparing yourself for a migration. What you need, as a site integrator and user, is a guided tour of Joomla! 1.6 and beyond.
There has been a lot of controversy over a number of changes introduced in Joomla! 1.6. One of the top ones (in my humble opinion, the least significant one nonetheless) is about the changes in the language files in Joomla! 1.6. People argue that the new scheme provides less flexibility and doesn’t allow using a single extension installation package for Joomla! 1.5 and 1.6. To cut a long story short, this is utter bollocks and I’m going to tell you why. If you are a Joomla! developer, you’d better read this post. After all, I have offered unified Joomla! 1.5/1.6 packages for all of my extensions for the last nine months.
You may have seen me on quite a few occasions advising against using Joomla! 1.6. You have most certainly seen that I was the first developer to embrace Joomla! 1.6 and my extensions were among the first to fully support Joomla! 1.6. Actually, Akeeba Backup was the first major extension and the first third-party extension ever to run natively on Joomla! 1.6. So what is that? Am I a hypocrite? Am I suffering from schizophrenia? Or is it something more unalarming?