Indianapolis Web Content Management

Our website has moved but we've left our old posts up here. Please visit http://www.marketpath.com/

Website Best Practices

Open Source CMS and Security Issues

Posted 11:40 AM by

We have discussed this topic before, but because it was thrown into the limelight over the weekend, I thought I would again touch on the pros and cons of open source CMS platforms. Over the weekend, PBS.org's homepage was taken over by a group of hackers who gained access by exploiting security flaws in the open source content management system that the site is built upon. The hackers changed the content to include a fake news story about rapper Tupac Shakur being alive in New Zealand, which of course spread like wildfire around social media sites. While creating a fake news story may seem harmless, it did showcase the security risk that all open source CMS platforms must deal with: source code that is open to the public.

With thousands of developers working with standardized source code to tweak and customize the program, coders oftentimes find loopholes that will allow them access to your data. An article from Information Week stated that Movable Type, the CMS platform that PBS.org uses, had a security update just seven days before the attack, but PBS administrators failed to apply the patch - a problem that proprietary systems or software-as-a-service content management systems can automatically remedy.

There are certain situations, mostly depending on the type of site, where open source CMS platforms probably aren't suitable.  A few of those situations might include:

  • School Websites - Sure, the "free" price tag of open source is always enticing; however, with the number of free tools available to help someone hack an open source CMS-driven site, a school's website could be an easy target for a student prank.

  • Financial Institutions - Any time that someone's personal financial data is involved, open source should not be an option. This is pretty much a no-brainer.

  • Government Websites - Any site that could contain an individual's personal data, or prompt them to enter it, should be completely secure. An interesting exception to this category, however, is the Whitehouse.gov site, which is run on Drupal, an open source platform.

It should be noted that proprietary CMS platforms aren't immune to attack. However, since the source code is usually unfamiliar to the hacker, the task becomes more difficult. What are your thoughts on the issue of security?