Category: "LAMP"

Drupal RPM architecture

Drupal is one of the most popular content management systems and modular web application architectures available.

It would be an excellent system to deploy an RPM management system on. This system would generate .spec files for the modules, ensuring dependencies could be enforced and allowing the use of yum or other methods to automate upgrades.

The success of this approach for developers would be dependent upon their ability to architect their implementations without modifying Drupal and interfacing correctly to the module system.

It also requires that Drupal serve as a server component, rather than just an account-level application. Managed carefully, with configuration files and other innovative methods, rapid deployment of manageable Drupal sites would be extremely cost-effective.

http://web-notes.wirehopper.com/2008/06/23/open-source-rpm-spec-file

mod_security

With the plethora of powerful open source applications available, the great premium on rapid development and deployment of sites, and the ever present threat of malicious server attacks, security is extremely important.

mod_security is an open source Apache firewall that places outstanding protection on the server, before site visitors ever get to the applications.

In addition to its power, it is easy to use. I installed it on XAMPP, configured it very lightly, and ran the two quick tests to ensure it was set up correctly. http://localhost/cmd.exe was blocked, as was an SQL injection attempt on the application.

mod_security operates with rules that allow you to customize it to run well with your server. There is a robust set of core rules. It has great logging capabilities.

To download it, you will need to register. It’s worth it, especially if you are running your own servers, with many applications, from many sources.

Common web page requirements

This is a list of implied requirements recommended for all web pages.

  • Page should render properly in all supported browsers. Rendering need not be identical across browsers, but it must be equivalent.
  • Client-side code (JavaScript) must execute properly in all supported browsers.
  • Site visitor must be alerted if they attempt to navigate away from the page without saving their changes, or if the session timed out and their changes have already been lost.
  • If AJAX is used, authentication and access control must be applied to all requests. Client must handle server responses to these conditions gracefully.
  • Client must validate the data fully before submitting it to the server. Client should alert user during entry if data is invalid. Think Dojo.
  • Server must perform appropriate escaping on all incoming data to avoid SQL injection and command-line attacks. Server should validate data with the same criteria as the client to limit the possibility of modified form data.
  • User passwords should never be sent to the browser. Password recovery should be performed by generating a new password and emailing it to the account holder. User email addresses must be unique to support this.
  • Options which are unavailable should be displayed differently than those that are available; ideally, they should not be displayed at all. Inputs which cannot be modified should be displayed in such a way that the user understands the information cannot be changed.
  • Layout should be managed primarily with CSS.
  • Colors should be specified in a separate CSS file to allow the color scheme to change quickly.
  • The majority of the layout should use divs, with tables used where appropriate.
  • Only those files required to display the page should be delivered with it. Pages with complex CSS requirements should be supported with dedicated CSS files which are only loaded with that page. The same is true for JavaScript. Those files should be cached at the client.
  • Care must be taken to ensure configuration data, particularly access information such as database name, username, and password, cannot be displayed through a browser or be visible to unauthorized users.
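
One way to meet the server-side validation requirement in the list above, as an added example that is not code from the original post: the server re-applies the same field rules the client uses, then hands the values to the database as bound parameters (used here in place of manual escaping) so they never become part of the SQL text. The `users` table, the field rules, the function names and the in-memory SQLite database standing in for MySQL are all assumptions made for the sketch.

```php
<?php
// Added example. Field rules assumed to be shared with the client-side validator.
// \A and \z anchor the whole string; "$" alone would accept a trailing newline.
const RULES = [
    'username' => '/\A[A-Za-z0-9_]{3,20}\z/',
    'email'    => '/\A[^@\s]+@[^@\s]+\.[^@\s]+\z/',
];

// Re-check every submitted field on the server; return the names of failing fields.
function validate(array $input): array
{
    $errors = [];
    foreach (RULES as $field => $pattern) {
        $value = $input[$field] ?? '';
        // Reject missing fields, non-string values (e.g. username[]=x) and mismatches.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $errors[] = $field;
        }
    }
    return $errors;
}

// Store a user with bound parameters, so the data is never parsed as SQL.
function saveUser(PDO $db, array $input): bool
{
    if (validate($input) !== []) {
        return false; // modified or malformed form data is refused outright
    }
    $stmt = $db->prepare('INSERT INTO users (username, email) VALUES (:u, :e)');
    return $stmt->execute([':u' => $input['username'], ':e' => $input['email']]);
}

// Constructed demo data; the UNIQUE email column supports e-mail based recovery.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT UNIQUE, email TEXT UNIQUE)');

$submissions = [
    ['username' => 'alice_01', 'email' => 'alice@example.com'],             // well-formed
    ['username' => "x'; DROP TABLE users; --", 'email' => 'x@example.com'], // tampered value
    ['username' => ['array'], 'email' => 'y@example.com'],                  // wrong type
];
foreach ($submissions as $row) {
    $result = saveUser($db, $row) ? 'stored' : 'rejected';
    echo json_encode($row['username']), ' => ', $result, "\n";
}
echo 'rows in table: ', $db->query('SELECT COUNT(*) FROM users')->fetchColumn(), "\n";
```

Keeping the rules in one table that both the client script and the server read is what keeps the two sets of criteria from drifting apart.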

2 Year Curriculums for Internet Professionals

Logic / Engineering

Year 1
Fall
HTML
Javascript 1 (Logic)
Spring
CSS
Javascript 2 (DOM)

Year 2
Fall
MySQL
PHP 1
Data structures
Spring
Linux
PHP 2
Topics
Security
Client/server architecture considerations
Applications engineering
Template languages

Design / Development

Year 1
Fall
Photoshop 1 - Fundamentals of design
HTML
Spring
User Interface Design
CSS

Year 2
Fall
Multimedia 1 - Visual design and construction
JavaScript
Application engineering - integrating designs with applications
Spring
Multimedia 2 - Flash/Shockwave, animation and audio
PHP
Topics
Page optimization
Server tuning
Browser compatibility

It is assumed these would be offered in a community or junior college. Additional general education electives are assumed.

WordPress 2.5 Image File Upload Errors

In addition to b2evolution, I have WordPress 2.5 blogs, which were extremely easy to upgrade through Fantastico.

There were two issues that were causing image uploads to fail.

Here are links to the two solutions that worked for me, with thanks to the authors.

http://www.hongkiat.com/blog/wordpress-25-image-upload-error-wordpress-fix/

http://www.northfieldweb.com/wordpress/?p=36