Google Groups

Re: security, theming and blog engine


Mateusz Marzantowicz Apr 23, 2012 1:37 AM
Posted in group: django CMS users
On Mon, Apr 23, 2012 at 7:10 AM, khaos <binar...@googlemail.com> wrote:
Hello all.

I am currently in the process of switching over to a CMS. Since I have a deep antipathy for PHP, it is kind of hard to find something that fits my needs. Finally django-cms seems like a worthy candidate and I would like to ask for advice on a few newbie questions. :)


Hello, I'll try to answer to as many questions as I can.

- My first and main concern is security. What is the security record for django-cms? How is security handled today with regards to extensions, security leaks and new code? If access to the admin page is hacked, is there an obvious way to execute arbitrary (like with BrowserCMS for example where you can inject code via the template system)?

The security of django cms is based upon security of it's base - the Django framework. Admin pages are generally protected by login form, so strong password is really important. After gaining administrative access you deal with set of forms which are designed by You, site creator. You can choose to trust the data entered in the forms and allow HTML rendering inside the template or you can obfuscate the input/output.


- Since the CMS will be my main page for my business (self-employed software engineer), I need a professional theme. Most designers these days seem to exclusively target Drupal, Wordpress and Joomla. That's it because that's what the masses are using. :( When I buy a good HTML/CSS standalone template, how easy or difficult is it, to adapt this to django-cms?

Designing theme for Django CMS is as hard as learning HTML/CSS and computer graphics at the level that satisfy your needs. There is a really good documentation that will help you in assembling whole page from different blocks/slices/templates/files.


- Does django-cms support blogging or is there a project that is compatible with django-cms in a sense that it is easy to integrate?

I'm not aware of any django-cms blog plugin (maybe there is one), but writing one yourself is really easy. You can adapt blog code form djangoproject (official Django website)  or check one of several site like django snippets.


- What about long-term maintenance? Is django-cms still actively developed and maintained? Is support for django 1.4 planed?

I'm not a django-cms developer but for both of your questions I wold answer: YES.
 

Thanks a lot in advance for any help in advance...

So long,
matthias

--
You received this message because you are subscribed to the Google Groups "django-cms" group.
To view this discussion on the web visit https://groups.google.com/d/msg/django-cms/-/cL7CwCQTIMwJ.
To post to this group, send email to djang...@googlegroups.com.
To unsubscribe from this group, send email to django-cms+...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/django-cms?hl=en.

Mateusz Marzantowicz