2 requests

1. The GUI of XOOPS needs radically improving, and I dont mean themes, I mean some of the basic layouts.

CBB is a great example of this(it sucks) I have stuck with it but would prefer the look and feel of invision or smf.

Generally the content is good but the gui bad please please improve it. Take Joomla many of the devs on Joomla work on macs and I think this is reflected in the look of Joomla.

2. Security, I have seen jokes on other peoples websites about security on XOOPS I have lost 2 sites to hackers. IS XOOPS secure? How secure compared to other boards/cms products?

To make it secure why do I have to download modules and install them why is not the core product automatically secure? This needs sorting

Quote:

My understanding is that the core itself is pretty secure (at least as good as the best of the rest) and that where there are insecurities these tend to arise from the modules.

The trouble is that hackers keep evolving so the core and modules must too, so always upgrade to the latest versions.

And use the protector module to give added security.

I suspect that adding a module like Protector to the core might stifle development of similar modules (not that I know of any!) and make all XOOPS users reliant upon just one developer (GIJOE) which, as good and much-appreciated as he is, can't be a wise move.

Just my view.

The security issue imagines always a smile on my face...

Why do we need a module like Protector when XOOPS is secure?

Just my opinion.

(btw: I use it)

Quote:

Okay, now I have a reason to buy one without my girlfriend bugging me about the costs of a nice i-Mac;)

But seriously and on topic, I agree with JAVesey. Maybe an integration of the Protector module into the XOOPS core would be a more secure base.

he he he ....it should have read secure...but somehow I prefer sexure

Interested by others comments

Quote:

The XOOPS core has been around for a fair while now and yes, it has proven to be quite secure compared to similar systems.

If you are getting hacked then it is likely that you i) didn't keep up to date with patches and/or ii) were using old, unmaintained modules (right?). If you are actually *losing* sites to hackers then where were your regular backups? These things are responsibility of webmaster.

Protector adds another layer of protection to your website, which can help guard against flaws in both the core and modules. I agree some of the functionality would be good in the core, but in the meantime, its a good module to have.

This gonna sound weird, but i don't think protector should be in the core as it it now. The problem is XOOPS_TRUST_PATH. Its's a great idea, but it makes installation more complicated for newbies, and sure there will be servers that won't allow users to create this "trust path". Unless someone finds the way to automate this process and continue installation even in case of failure, I should not include it.

Quote:

I agree. For some (valid security) reason GIJOE is pushing the envelope on this but until Xoosphere or whatever it will be called implements this methodology, it is a pain to have to install in two seperate places.

I also have experience of hosters that won't allow creation of folders outside of the web root (although in 3dPixelnets case, they can be convinced of the efficacy of doing it.)

However, more importantly I don't believe that Protector should be included in the core because:
1/ The core should be solely concerned with data and content manipulation and data security (i.e. input and output via the website)
2/ Security is fast evolving field, it is better to allow some good people like GIJOE to concentrate on the security layer that is around any good web site (i.e it doesn't matter what CMS flavour you use, Protector like security should be employed.)

And let's not forget the spam blocking capabilities of the NetQuery module. I employ both Protector and Netquery on all my sites to good effect. I just wish Protector could take on the spam blocking functionality of Netquery 'cus apart from that none of my sites need the core functionality of Netquery (good though it is.)

Despite all the security in place however, the hackers only get cleverer each day. I had one of my sites hacked last week. They managed to impersonate the hosting account name and load spam email sending software into the server's /tmp directory. They didn't touch my website. Not sure that XOOPS internal security, Protector or Netquery is ever going to stop the really determined hacker.

Ah - you're with 3dPN as well

Yes, I explained the situation with Alan and he thought it was an excellent idea for additional security

Quote:

It was actually after you sang their praises some while back that I gave them a try 'cus my previous (and still current with some sites but not for long) hosters Easyhosting, were getting expensive. I now run 4 sites with 3dPN. Top little outfit. Excellent support, very obliging (it took Alan 2 days to sort out PHP5 for me.)

Sorry - way off topic - Should I ban my own posting