I was going throught the newsgroups and found a thread where a guy was touting Postnuke over PHPNuke. Although I don't wan't to start a flame war, this guy claims Postnuke is more secure than PHPNuke because it's "certified" by IBM as secure. (At least that's the way I read it).
Although I haven't had any security problems, I assume that Postnuke hasn't been certified by IBM and the usenet post is misleading. Are there any developers that can give any comments on how secure Postnuke really is?
You can view the post here: http://groups.google…ni-berlin.de&rnum=4
It's in a motorcycle group of all places....
Grant
Watch
GitHub Core
Show your support for Zikula! Sign up at Github account and watch the Core project!
GitHub Modules
Forum Activity
- damon responded to »Can the Updated Version Check be Turned Off (Z 1.3)« 03:19 AM
- frw responded to »Bug in the SMTP mail transfer protocol - Port 25 - Zikula 1.2.9« 22. May
- mdee responded to »Short URL questions« 22. May
- mesteele101 responded to »Problem in Database Connection« 21. May
- Herr.Vorragend responded to »Clip Documentation and Doubt« 19. May
- mazdev responded to »zikula 1.3.3. and IE9« 19. May
- mesteele101 responded to »How to install Zikula for MSSQL ??? - Part II« 19. May
Zikula Blog
- Anatomy of Open Source Projects on Mar 07
- Continuous Review on Mar 01
- Not Invented Here on Feb 24
- How to Contribute Your Code at Github on Jan 13
- 10 Steps to Coding-Nirvana: Tips for Successful Module Writing on Nov 12
- Submitting Bug Report Tickets That Get Results on Aug 17
- Cozi Tricks #1: Syntax Highlighting on Aug 07
Login
[OT]: Postnuke vs PHP nuke thread on usenet
-
**unknown user**
- Rank: Softmore
- Registered: Mar 16, 2002
- Last visit: Oct 21, 2009
- Posts: 240
Posted: Jan 22, 2004 - 02:54 PM
-
- Rank: Team Member
- Registered: Mar 18, 2002
- Last visit: Oct 21, 2009
- Posts: 6606
Posted: Jan 22, 2004 - 10:00 PM
Grant,
Here's the real story I belive the person if referring too. It's IBM server proven rather than certified.
The architecture of PN is aimed at making things more secure by providing API's for developers to get clean input (pnVarCleanFromInput), store data in the DB (pnVarPrepForStore) etc. These API's ensure the integrity of information being supplied to the application. To this we add the PN coding standards. These document the steps that developers should take to write secure code.
Of course developers still have to follow these and there have been security issues found even in the core code as well as a number of modules. So a further piece in the puzzle is response to security issues. PN's true open source nature - CVS etc. means that fixes can be discovered and distributed as quickly as possible.
-Mark
--
Visit My homepage and Zikula themes.
- Moderated by:
- Support
