[BlueOnyx:00195] Re: Third party software: Joomla

[Stephanie Sullivan]

> > I am sure there are plenty of novice users who set up Joomla! or
> > other 3rd party software installations in a manner in which they
> can
> > be hacked. However, I think that its a bit of general association
> to
> > say that all Joomla! configurations are insecure. This is just not
> > true and quite an inflamatory statement aimed at a good group of
> > people. I run several secure applications based on the Joomla! CMS
> > and have never been hacked. I also understand server security and
> > how to program.

This is the concern with 3rd party packages in general. It's difficult to
police and keep up-to-date. If it were not a major competitive feature I
doubt I'd be interested in hosting third party script installations. I have
lost a number of potential hosting clients who were stuck on "fantastico" -
why can you support fantastico??? Well, fantastico is a cpanel only app, and
we don't run cpanel... you get the idea. Argh.

The other dark side of virtually all auto-installed scripts is you can
update the scripts to be installed, but what about the ones already
installed? Oops! This makes a bit of a mess when a vulnerability is
announced with a fix for a popular app and lots of installed scripts NEED to
be upgraded. How does one convince a client that got a free script to pay
for upgrading? It's a customer relationship nightmare.

But again - it's a competitive necessity to offer some kind of
auto-scripting option.

	Thanks,
		-Stephanie