I've found out very little still about Joomla! but I have a friend who uses it every day and it works great for him; he's been recommending that left and right for any kind of web site with as many features as you want.
I've played with it a little bit and it seems very promising. It creates the PHP code automatically for you for common tasks like a log in and updating the content of pages is extremely simple without typing a single line of HTML code anywhere.
I strongly suggest you look into Joomla to see if it fits your needs.
I would set up a LAMP or WAMP server in your development computer first to try it out and to get familiar with it. Once you're comfortable with it you can tell your restaurant owner how to log in to the Control Panel of Joomla! and start updating the menu or even set up RSS news feeds for it.
Good luck on that project, it sounds very exciting,
If you want a secure system (which you want! since people can actually ORDER, thus real money transfers), DO NOT GO WITH JOOMLA! It's very vulnerable to loads of exploits weekly. If you still go with that route, fine, but then be sure to actually update as soon as there is an update announced by the Joomla! security team. Also be very reluctant to use third-party plugins for Joomla! They are prone to abuse. (Joomla! developers barely check those plugins for abusive code inside them, and since everyone can submit a plugin, this could end up harmful.)
My suggestion would be to self build the system (and then test it with a knowledgeable PHP programmer to find any faults). Better yet, let an experienced PHP programmer do the job, if affordable.
Most serious websites where payment info is used, use custom systems.
Reason is that it's doing what you want it to do, and just that: no overload of stuff you don't need and therefore maybe being more prone to attacks. Secondly, home-made systems are more difficult to hack (if coded properly), since there is no public information about the backend. With e.g. Joomla! everybody can download it, and thus find errors easily, to abuse.
The only way to limit that chance if using Joomla! is doing regular updates (see above). But the experiences I've witnessed tell me people ease down on updates once the site is up and running.
There is a lot in the teebones post that is correct, but let me post my own take on the Joomla! security issue, which probably differs in emphasis.
Many/most people who have launched themselves into the world of websites and CMS programs don't even realise that there is a security issue until they get caught (and, even then, they may not have much of a 'root cause analysis and protecting for the future' attitude). They've read a 'How to Build a Fabulous Website and Start Coining it in, with no Real Effort, in Twenty Four Hours' type book, and it doesn't mention security and the result is they've either not thought about it, thought that it doesn't need doing or that it is somebody else's problem.
Joomla! does have a poorer reputation for security than many CMS programs. The Joomla! guys themselves understand this, but claim that most of the security problems come from third party modules; in this they are probably correct.
You could build a site without third party modules, and avoid this element of the problem; you'd still have the rest of security to worry about
Practically, you couldn't build a site without third party modules, because for most real sites you need the add-on functionality that they provide, otherwise you'll have a very dull site
You could minimise your use of third party modules
You could audit every third party module that you use, but you probably won't, because it requires quite a lot of work
If you've gone at the third party modules like a starving man at an 'all you can eat' buffet, nothing will save you; you'll have so many that you can't audit them and the probability is that, with so many, you will have one, or more, with potential exploits against them
Security is a process; whatever you do, you will have to devote time and energy to security, otherwise someone will exploit you; the worst mistake that you can make is thinking that this will, somehow, take care of itself
Quote:
My suggestion would be to self build the system.
My objection to that would be that you are likely to substitute your own crap code for Joomla!'s not very good code. Brutal, I know, but there is certainly the case to be made that one of the disadvantages with 'easy' systems -whether it be a CMS, or PHP 'easy programming' or whatever- is that they encourage people to over-estimate their capabilities; if understanding security and auditing code for security issues isn't one of your strengths, better stay away from needing to do it. You could argue that it does get you the much-discredited 'security-by-obscurity' though.
I'd remove that objection if the coding was done by an experienced PHP coder with the right, security aware, mindset. But, that's not what you are going to do, is it?
Quote:
If you want a secure system (which you want! since people can actually ORDER, thus real money transfers)
Note this; it is not optional, if you are taking payments from plastic cards.
In short, I am afraid that the simplicity of setting up a website has been widely oversold to people who don't really have the background to understand the potential issues, and this goes wider than any one individual CMS.
Sorry for bumping an old thread but I am thinking of creating a site similar to the justeat(dot)ca website. i.e. Customers can browse the menu of local restaurants and then order and pay online.
If I was to create the bones of my site with Joomla and then have a developer write a custom component that facilitates the listing of menus and shopping cart functionality, would you also view this as a security concern seeing as the site itself will be Joomla based?
Quote:
If I was to create the bones of my site with Joomla and then have a developer write a custom component that facilitates the listing of menus and shopping cart functionality, would you also view this as a security concern seeing as the site itself will be Joomla based?
Well, it may have been better to start a new thread... I would say, in this case, you've done the right thing, because your problem is so similar to the original, but maybe a mod will come along and disagree.
Anyway, to the answer:
It depends.
If you could configure the CMS-driven part to have nothing to do with the ordering part, then I don't see why it should be too great a problem. Unfortunately, a design like that may well have poor usability (eg, maintaining a completely separate list of pictures, from the ordering part might be seen as unnecessarily obstructive by users, and you could still have, eg, denial of service attacks on the CMS part, which, if the CMS part was of any use (and why have it, if it wasn't?) would still be badly perceived).
If the 'ordering part' and the 'CMS part' are more integrated, then there is clearly a possibility that an attack on the CMS could cause problems for the ordering part.
In any case, just to repeat, in case you haven't followed the link above, if you are intent on taking payments from plastic, you need to meet the appropriate requirements; see here. Also note that this is not optional; if you believe that this is too much trouble, and unnecessary bureaucracy, don't even start.
I am unclear why there is no thought of using a system which has a slightly better security rep than Joomla!. This couldn't cure all of the problems - you'll still have all of the problems of creating and working with a secure platform, but you really don't want to opt to import unnecessary problems.
Maybe Drupal or Plone, although Plone does seem to be a bit slow (or need a bit more in the hardware department to be adequately fast), although there are many others. A site like cmsmatrix will show you loads of options and a site like cmswire will give you background materials, and comparative reviews and details.
A few years ago we built an online ordering system and website for a restaurant in PHP. This platform allows restaurant owners to put their restaurant menu online, manage orders and page content. Customers can order and customize food items, choose a delivery method, pay for their order and tips online, save their favorite orders, etc.
Here is a link to the demo: dallasjonesbbq.outsidethepixel.com
We were thinking of making this platform available for free for web developers, open it to contributors and let them develop plugins and extensions.
Is that something anyone would be interested in? Would you prefer to use a framework/platform like this one developed by another team, rather than creating your own from scratch?
Any suggestions are welcome.
Thanks,
Aurelien
__________________________
Outside The Pixel
outsidethepixel.com