Can someone offer me an objective analysis of Drupal's security?

pkcho:

I am currently using Drupal to build a Business Journal website for our newspaper.

In previous discussions with our corporate office (and web development team), my publisher mentioned that he liked a local site that happened to be built using Joomla. Our corporate development head then proceeded to bash the Joomla platform as not being adequate for the needs of a newspaper, for both feature and security reasons, with which I agree.

I know from the Drupal.org site and others that Drupal has been used to build many high-profile sites (Whitehouse.gov being one of them).

Since I am new to Drupal, I wanted to make sure I wasn't ignorant of any possible issues that might discredit the work I am trying to do and of course to bolster my argument to build our site using Drupal.

Thank you,
Joe

Comments

Are you writing your own

jerdiggity:

Are you writing your own code? Either way (as with any software) there are always going to be (potential) security issues. Fortunately, though (almost to the point of "...for cryin' out loud, people"), and having also worked with Joomla!, WordPress, etc., Drupal runs circles around everyone else as far as "being on top of security issues" goes.

I think one reason stems from making proactive (as opposed to reactive) decisions and security implementations. Another is the strict coding standards Drupal has implemented. For example, take a look at the developer sections for Drupal vs. Joomla vs. WP. You'll notice that within Drupal's there are hundreds of pages about coding standards, best practices, etc. Joomla's has actually improved quite a bit, but is still so "vague" that it's difficult to follow. WP's is pretty much infinitesimal; and nothing personal against WP, because it's great software, but every piece of software will always have room for improvement and this currently happens to be one of theirs.

Enough "dissertation" for now, though, and back on point (to the first question I asked): if you are writing your own code, Drupal has made several proactive solutions available. I would say it's a good idea to make sure you're especially familiar with Drupal functions such as l(), t(), and check_plain(), to name a few.

On a side note, which "local paper" are you referring to? I grew up in the AV/SCV area (in fact my brother is a CHP officer @ Newhall), and it can't be the "primary AV paper" -- have you seen it lately? Holy cow. Only other one I could think of would be the DN - SCV ed, but even that didn't look too Joomla-ish to me (but who knows).
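The three functions named above (l(), t() and check_plain()), shown in a small Drupal 6 page callback, first the way a custom module often gets it wrong and then the hardened form. This is an added example written for this page, not code from the comment or from the Drupal project; the module name journal_example, the path journal/greet and the query parameters are made up, and it assumes a normal Drupal 6 bootstrap so that t(), l(), check_plain(), filter_xss() and theme() are available from core.

```php
<?php
// journal_example.module (hypothetical module name; added example, not from the thread).
// Assumes the Drupal 6 API: t(), l(), check_plain(), filter_xss() and theme() come from core.

/**
 * Implementation of hook_menu().
 */
function journal_example_menu() {
  $items['journal/greet'] = array(
    'title' => 'Greeting',
    'page callback' => 'journal_example_greet',
    'access arguments' => array('access content'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * VULNERABLE version: query-string values are concatenated straight into HTML.
 * ?name=<script>alert(document.cookie)</script> runs in every visitor's browser,
 * and ?back=" onmouseover="... breaks out of the href attribute.
 */
function journal_example_greet_unsafe() {
  $name = isset($_GET['name']) ? $_GET['name'] : 'reader';
  $back = isset($_GET['back']) ? $_GET['back'] : '';
  return '<p>Hello, ' . $name . '!</p>'
       . '<a href="/user/login?destination=' . $back . '">Back</a>';
}

/**
 * Hardened version of the same callback using the core output functions.
 */
function journal_example_greet() {
  $name = isset($_GET['name']) ? $_GET['name'] : 'reader';
  $back = isset($_GET['back']) ? $_GET['back'] : '<front>';

  // t() runs an '@name' placeholder through check_plain(); '%name' would do the
  // same and wrap it in <em>. Never use '!name' for untrusted input: it is inserted raw.
  $output = '<p>' . t('Hello, @name!', array('@name' => $name)) . '</p>';

  // l() escapes the link text and builds the URL through url(), which encodes
  // the query values, so neither the text nor the destination can inject markup.
  // Passing 'html' => TRUE in the options array turns that escaping off; only do
  // that with text you have already escaped yourself.
  $output .= l(t('Back'), 'user/login', array('query' => array('destination' => $back)));

  return $output;
}

/**
 * A custom listing built from already-loaded nodes (e.g. from node_load()).
 * Titles are plain text, so they go through check_plain() (l() does this for us);
 * teasers are stored HTML, so they are reduced to a small tag whitelist with filter_xss().
 */
function journal_example_teaser_list(array $nodes) {
  $items = array();
  foreach ($nodes as $node) {
    $items[] = l($node->title, 'node/' . $node->nid)
             . '<div class="teaser">'
             . filter_xss($node->teaser, array('p', 'em', 'strong', 'a'))
             . '</div>';
  }
  // theme('item_list') expects each item to be already-safe HTML, which is why
  // every piece above was escaped or filtered before being added to $items.
  return theme('item_list', $items);
}
```

The pattern to take away is that escaping happens at output time, once, with the function that matches the context: check_plain() (directly or via t()'s @ and % placeholders) for plain text dropped into HTML, l() for links, and filter_xss() or check_markup() for content that is supposed to contain markup. Escaping on input instead, or double-escaping, is what produces the "&amp;amp;" artifacts that tempt developers to switch escaping off with '!' placeholders or 'html' => TRUE, which is where the holes come back.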

Will not be writing my own code

pkcho:

jerdiggity, thanks for your input. I am not writing my own code. I am primarily building a site starting from the Open Publish distribution. So, if I build a site using contributed modules that are properly developed, security issues should be at a minimum?

In reference to the local site, no, the site I was referring to was http://www.mysantaclarita.com/

I've never looked at the avpress site until now, wow, you're right. But, I can't say too much, our newspaper's main site is far from what we would like it to be as well.

Thanks for your help!

Modules in Drupal are a lot

Grayside:

Modules in Drupal are a lot like Lego blocks. You can put them together in all manner of configurations. Of course, you can also leave a gap here and there, depending on how you configure those modules to play together.

For example, the Views module can produce listings of content that might be access-restricted on its original page, but is publicly available if you don't pay attention to the Views security options.

One of the security "features" of modules in Drupal is the tireless work performed by the Drupal Security team in reviewing even contributed modules. There is a mailing list you can subscribe to for updates on security holes.

You may want to check out Cracking Drupal. It is a book on Drupal Security and is supposed to be very good.

The way to stay on top of

shyamala:

The way to stay on top of security is to be up to date with your Drupal core and contrib modules, and, as mentioned by Grayside, sign up for security updates.

report on how Drupal addresses security

greggles:

Thanks for mentioning my book, Grayside ;) We're also working to make the CrackingDrupal.com site valuable as a resource on its own in addition to the book.

Ben Jeavons and I (both members of the security team and the developers behind the first security review services for Drupal) are looking for sponsors to help fund the research and writing of a statement about how Drupal handles security. If you or anyone else is interested in seeing this kind of a report, please contact us. The results will be made available as a Creative Commons licensed document that gives credit to sponsors as appropriate.

As a designer, Drupal has its

_gramur:

As a designer, Drupal has its learning curve; once you wrap your head around how themes work you should not have a problem, and you will appreciate how flexible Drupal turns out to be. Take a look at the theming guide for starters. As Grayside stated, Views and CCK pretty well get the ball rolling. If you want more advanced functionality, then you set up additional modules relating to what you want.

It can be overwhelming at first, but the payoff is worth it.

We highly recommend Drupal

socialmediasystems.com:

It is compared to all CMS choices here: we recommend Drupal for websites at or over $2000

http://socialmediasystems.com/rothmanguide/

Israel Rothman, CEO, SocialMediaSystems.com

Thank you for your posts!

pkcho:

Thank you for your posts. Very good info and leads.

A security report was

christefano:

A security report was released last month at DrupalCon San Francisco.

Addressing ongoing questions about Drupal security, the paper analyzes the Security Team's Security Advisories and discusses how Drupal 6 and 7 address common and critical security risks, including those of the OWASP Top Ten.

We couldn't have done it without the help of our sponsors, including Cydeck and Examiner.com among others, and without the help of our reviewers. Thank you!

If you're evaluating Drupal for use on your site, this report is for you. Or, if you're just curious to know more about Drupal and how it addresses security risks please give it a read.

Group: Newspapers on Drupal
