- Looking for ultra-simple CMS
- Posted by Tony on January 17th, 2006
A charity has asked me to help sort out their web site. It is a very simple
site, but as they run weekly events, what they really need is to be able to
update the content without needing an expert.
I have had a Google for CMS, and also looked at what has been discussed in
this group. Everything I've seen seems a bit OTT and gives the client the
ability to do all sorts of things that they shouldn't. Really they only
need to be able to change the text content of certain table cells.
My wife keeps her site up to date using Mozilla editor and the FTP facility
in IE, but she is fairly disciplined and asks me if she wants to do anything
complicated! Maybe this is the answer and trying to make it automatic would
be too clever.
Any ideas?
--
Tony W
My e-mail address has no hyphen
- but please don't use it, reply to the group.
- Posted by Geoff Berrow on January 17th, 2006
Message-ID: <enazf.2785$wl.2471@text.news.blueyonder.co.uk> from Tony
contained the following:
Probably. To make it more foolproof will require some cleverness and
familiarity with server side scripting.
--
Geoff Berrow 0110001001101100010000000110
001101101011011001000110111101100111001011
100110001101101111001011100111010101101011
- Posted by Alan Terry on January 17th, 2006
In article <enazf.2785$wl.2471@text.news.blueyonder.co.uk>, Tony <news-
reply@t-onywoolf.co.uk> writes
I'd go a different route!
I'd get them to keep (eg) a word doc up to date, pdf it and get them to
ftp that to the site when needed and have a fixed link to open the pdf
from the page.
Doddle
)
--
Alan ............
- Posted by Andy Dingley on January 18th, 2006
On Tue, 17 Jan 2006 18:07:06 GMT, "Tony" <news-reply@t-onywoolf.co.uk>
wrote:
Integrate a simple blog or BBS into their site (phpBB or many others).
With most of these you can easily configure them so that there's
post-only access for a group of moderators and read-only access for the
public, without needing to register.
Although the complexity of the code you install is vastly more than you
need, the work of doing so is easy. It's just wasting a bit of disk
space.
- Posted by Alan J. Flavell on January 18th, 2006
On Wed, 18 Jan 2006, Andy Dingley wrote:
I'd agree with that general idea, subject to the caveat mentioned
later...
We're recently using a wiki, with only a limited number of staff
authorised to modify it. As it happens, we aren't controlling read
access to it, but, if the material was supposed to have only a limited
readership, one could also put the usual access controls for who is
allowed to read it (read-access controls are usually managed by the
server itself, rather than by the specific BBS/wiki/faqomatic/...
application).
Agreed.
Right; but all of these products turn out, sooner or later, to have
security weaknesses. So it's important that you give very careful
consideration, when setting them up, to defining a workable process
for applying security patches to them in future. If you fail to do
that, you'll become a sitting target for hackers. I think this point
is worth stressing.
good luck
- Posted by Richard Watson on January 18th, 2006
Andy Dingley wrote:
By the same token a wiki would also seem ideal depending on your
favoured paradigm.
- Posted by Andy Dingley on January 19th, 2006
On Wed, 18 Jan 2006 16:58:33 +0000, "Alan J. Flavell"
<flavell@ph.gla.ac.uk> wrote:
This is perfectly true. However I'd rather trust an install of
"popularBBS" with a half-competent admin who keeps it patched, rather
than an in-house developed CMS with its own set of holes and no-one
looking after them.
Also most BBS attacks are by SQL injection through posting comments. if
you lock the system down to be purely read-only to the punters, then you
also guard pretty well against these.
- Posted by Alan J. Flavell on January 19th, 2006
On Thu, 19 Jan 2006, Andy Dingley wrote:
On balance I would agree with you, yes, even though any "popular"
software is liable to become a hacker target, whereas a one-off isn't
usually worth their effort. But in a situation such as we're
discussing, there just isn't any point in developing and supporting a
one-off!
There's something in what you say, but I don't think we should give
anyone an excuse for thinking that *their* system will be so tightly
locked-down that security patches don't need to be applied. I stand
by my assertion that an important part of setting up anything of this
kind *is* the defining of a workable procedure for future software
patches. Non-optional. It's a responsibility not only to the users,
but also to the rest of the 'net.
all the best
