Hi I have been trying several things these last few days but can't anywhere.
Here is what I want:
A website with news, forums, downloads, rss, aboutus, photoalbum, donations. I guess this is not that difficult.
The problem is security. After asking a few ppl they told me "watch out XOOPS is insecure". So the key point here is security. What should I use to have (an as mutch as possible) secure website. Protector is one I guess.
I guess I should stay with 2.0.x. But what about all the other things? Should I use the 1.4 news, the cbb forum? what download module? and the others..? Please help. I am lost


Thanks

Nothing is 100% secure.

You want it to stay more secure?

Make sure you install patches as soon as they come out.

Just like ANY internet scripts.


Also, not sure why security is so ultra important... sounds like you are running a hobby site.


Will you be keeping secret CIA documents on this server as well?


One word of advise, dont let your friends make you so paranoid. Did they offer any better solutions?




Cheers,

I know that nothing is 100% secure that's why I said "as mutch as possible"

I will keep everything patched, but if I go for 2.0.x, how long will it be supported?

Security is magor because this site will be on one of my machines so I don't want that to be hacked.


Yes they did. (athough I don't know if they are better) they told me about drupal and mambo


Thanks for answering

Been with XOOPS for about two years now. I can tell you that in that time, as far as I am aware, the devs have been very careful to fix any security breaches in a very timely manner. Elsewhere on this site you will find security raised as a concern, as it should be.

There is preventive security that is reflected in the coding. I am NO expert in that. What I do know is the performance I seen when security issues have been reported. There have not been a lot of alerts from the security watchdogs. When there have been, it has been addressed immediately. Here's a quote discussing the xmlrpc vulnerability several versions back from http://www.gulftech.org/?node=research&article_id=00086-06292005:

Quote:

This is what I have observed since starting with xoops. Moreover, the xmlrpc vulnerability was not limited by any means to xoops.

I cannot speak to drupal or mambo.

I do feel a great deal of confidence that XOOPS will do as much as possible to make itself secure. If you want further evidence of the concern for security in the coding, find some of the not so distant discussions about username vs displayname in 2.2.

You'll probably find that your webserver (be it apache or IIS) will be of greater risk of getting hacked than Xoops. If you are wanting tight security, there are so many levels you should be concentrating on before your choosen CMS, as it is the last port of call. As you've mentioned there though, I would say the Protector module is a must for anyone security concious, but this alone is by no means a security solution.

Thanks all for anwsering. I trust XOOPS and it's developers otherwise I wouln't even be talking about it. But my question is more of WHAT should I use . eg:

xoops core 2.0.13.1 (I guess 2.2.x is too new)
news 1.3 or 1.4 ?
newbb 1.x or cbb?
xgal or xgallery ?
xdonations or ... ?
wfchannel or ...?
xoopsfaq or smartfaq ?
protector

The goal is to get an (as mutch as possible) trouble-less and secure site up. Features are not that important.
If I use news, newbb and faq that are not part of the official 2.0.13.1 what should I do when a new version of XOOPS comes out.


Thanks again

For version - I would recommend 2.0.13.1

CBB is an ongoing development, which has replaced newbb

Smart modules are constantly being updated, so I would recommend SmartFAQ over XoopsFAQ.

Hi,
And I recommend that the protector must be downloaded from not this official site but the GIJOE's.http://www.peak.ne.jp/xoops/
latest version is maybe 2.52