[SGVLUG] Website Testing

[Dustin]

Just an update on the CMS testing.  We had identified a couple more
packages to look at before we made a decision, WebGUI and Plone.  
However, after the meeting Mike had suggested that a nice CMS feature: for
security reasons, it would be nice to have as much as possible in static
pages rather than generating them dynamically on each access, as most of
these things seem to do.  So instead of working on WebGUI or Plone I did a
little research, and found a comparison chart that showed Typo3 as being
able to generate static pages.

So, last night I finally got it working, kinda, but it is rather
disappointing.  I won't whine about the time I spent fighting with the
install (now there is an evening or more I won't get back), but it's worth
mentioning that I had to bump up the maximum allowed script memory for PHP
yet again.  This defaults to 8 Mb in Debian, PHPWebSite wouldn't work
until I bumped it up to 12 Mb, but this thing seems to require 16 Mb.  
Mambo ran fine with 8 Mb.  Unless it can do something none of the others
can, it's a memory hog.  I also wouldn't say that the inconsistencies
between documentation and behavior really encourage me about the learning
curve.

Anyway, the quickstart website is the most hideous thing I've ever seen,
and even though I don't have it working properly I did link it in on the
main page just so you can see how aweful it is. Go take a look.  I hope
you like green, though....

I said it isn't really working.  Well, it probably is, but it isn't doing
what we want.  It is kind of the anti-wiki: I can't even figure out how to
allow new users to create their own account, nor even if this is possible.  
I also couldn't figure out how to create new admin accounts (back-end
accounts don't seem to have any relationship to front-end accounts).

Here is the kicker: after all that, I have the strong suspicion that it
doesn't generate static html pages that apache can serve without touching
the CMS code, but rather simply caches generated pages and images.  While
it's good for performance, I don't see how this helps security--code is
still being executed, and likely the database is still being accessed.
Mike, do you agree?

Bottom line: by all means take a look, but unless someone sees something
worth exploring further, I am not going to waste any more time with this 
package.

To get the static pages Mike is talking about, if we don't just use the
"good old vi" method I guess the earlier suggestion of nvu would probably
be the best.  I did actually look at the nvu home page and it looked 
fairly decent, if that's what we want.  It would be no different from 
using vi from the standpoint of anyone but those with shell access to the 
server, though.

Dustin