“You cannot build dynamic websites until you forget most of what you learned building static sites.”
Written by Marco Conti Saturday, 24 July 2010 19:30
This episode on Joomla Security marks 10 Minute Joomla! Tips one year anniversary. Because of this milestone, I have decided to bring you a multi part Screencast about Joomla Security and what can be done to secure your Joomla website, your server, your computer and the way you work when building web sites.
NOTE: Please read the article below the video for more information, useful checklists, links and other resources discussed in the Screencast.
While focused on the Joomla CMS, this series of Screencasts on Joomla Security contain enough information to interest anyone concerned about PHP security for their own web site. One of the tools I'll demo in a future episode is the "OSE PHP Security Suite" a comprehensive security suite offered by Open Source Excellence. The suite is based on Joomla but it is installed as a stand alone, strip down, Joomla site. It can help protect many PHP scripts installed on the server.
I'll also demo other products I find useful, if not outright indispensable, such as Roboform (PC) and 1Password (MAC), two of the best "Password Managers" available. A class of software no serious computer user should be without and that help manage complex passwords and other sensitive data. Not only you can save hours (and your sanity) by not looking for passwords in some unsecured text file, but you can also use them to keep and transmit a variety of sensitive data via email, IM or any other unsecured method. All by memorizing a single master password.
I don't claim to be a security "Guru" (yet, hopefully), but I feel that I have learned a great deal of useful information I would like to share for everyone's benefit. I hope that these podcasts will inform those that are just starting out and inspire the "Security Experts" to contribute their knowledge and experience. I hope you'll enjoy this Screencast and that you'll help me celebrate 10 Minute Joomla! Tips first anniversary.
Another thing I wanted to stress is that Absolute Security does not exist. Every system can be hacked. The goal, in my opinion, is to make our websites and computers as difficult to hack as possible. Even hackers need to have a good ROI. A system to hard to crack is not an effective use of their time.
Just like "The Club" is not really a big deterrent for auto thieves, it will at least stop the joyrider.
I try to script my podcasts as much as I can, short of making them a full Hollywood production. But as I went along describing the various steps and tools, even with notes in hand, I failed to mention a few useful tidbits of information or I forgot to define something important in key areas.
To obviate that, I created some on-screen callouts with checklists and useful links.
Since reading hyperlinks and checklists on a video screen, HD or not, is rather difficult, I am including those Callouts here. I hope that in time, through your input and suggestions, I'll be able to make them more useful and complete.
In an era where each one of us has to remember at least 8 to 10 passwords (but on average 20 to 30) and were those passwords should be at least 10 caracters long, unique and made up of nonsense, I am amazed that these incredibly useful programs are not chart topping best sellers and they are not mentioned on CNN every day.
For an average of $30, or even for absolutely free, these programs represent the very foundation of modern computer security. Yet, many users, even experienced ones, either scorn them or choose not to use them because they don't want to learn "another program".
I'd rather give up Photoshop than my password manager. I can always use The Gimp for my graphics, but without my passwords my work would halt to a grind.
A password manager works similarly to the way your browser remembers passwords. Login to a site for the first time and it asks you if you'd like to save your login data to its memory. Go back to the same page and it offers you to fill out the login fields for you.
Problem is that most browsers are very basic when it comes to manage your passwords. Try inserting the wrong password and most likely it will haunt you for many moons.
Password managers instead are a cross between the browser "remember" function and your bookmarks, with a sprinkle of magic thrown in.
Even among the most popular, features vary, but if you think you want to buy one look for these basic features:
Based on these parameters, I have picked a few Password Managers, from great to passable, from free to commercial to Open Source (Not the same as free). I suggest that before making a decision, you test the most promising and that you give yourself a chance to get used to them.
I should also mention that Norton 360 (free for Comcast customers) this year ships with its own Password manager. I prefer Roboform or 1password by far, but it's better than nothing. If you use Norton and do not feel like downloading one of the ones below, activate it.
You can also Google "Password Managers" and spend the next couple of centuries trying out your finds
Thank you for watching 10 Minute Joomla! Tips *cc*
Conticreative offers Individual and Corporate training (in person or online) on Joomla, Wordpress, Zen Cart and other leading Open Source scripts.