PHPNuke.

[Dustin Decker]

On Tue, 22 Jul 2003, Frank Wiles wrote:

> On Tue, 22 Jul 2003 09:09:51 -0500
> ismgr <ismgr at atchisonkansas.net> wrote:
> 
> > I was just wondering how many of you have used this.
> > 
> > I'd be particularly interested in stability, ease of configuration,
> > etc.
> > 
> > I'd also welcome any suggestions on docs to help in securing an 
> > Apache-PHP-PostgreSQL installation.
> 
>   I cannot strongly enough suggest using something else.  It has nearly
>   a security problem each week.  Go to securityfocus.com and search
>   Bugtraq for the 'PHPNuke' I found 51 posts. 

I'm with Frank on this - PHPNuke is known to have several 
vulnerabilities... I'm not even sure they've all had a patch released for 
them.  PostNuke, a fork (well, a complete re-write as I understand it) of 
nuke was designed with security in mind from the start as opposed to the 
standard afterthought.  I've used postnuke for a few projects, and find it 
easy to manage - and more importantly, patched quickly in those rare 
instances of security items.

The _best_ thing to do is learn how to code things the way you want them.  
I too am one busy guy though, and can understand why these portal systems 
are so popular.

Synopsis:
PHPNuke bad, Postnuke not nearly as bad.
D.

-- 
o-----------------------------------o
| Dustin Decker - CNA, MCP          |
| dustin at dustindecker.com       o-------------------------------------o
| Network Engineer              | "Evil is that which one believes of |
| Preferred Physicians Group    |  others.  It is a sin to believe    |
o-------------------------------|  evil of others, but it is seldom   |
                                |  a mistake."                        |
                                |  -- H.L. Mencken                    |
                                o-------------------------------------o