Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I'm looking for a new CMS to host my new blog and I was deciding what the best route would be, either using MySQL or a file-based CMS.
I'll probably be writing on the blog every other day so I'm looking for speed.
Does anybody know which one would be better for speed / security?
Thanks!
I'd highly recommend one of the popular ones such as Joomla, Wordpress, or Drupal (why re-invent the wheel?). They're heavily supported by the community, so the standard concerns like security and such are usually found and fixed before you're even aware they existed. My personal favorite is Joomla because of the extensive collection of extensions that are available, with a great many of them focused on social media such as twitter and facebook to "spread the word" from what you're putting on your site.
For security, I see storing content in a database as being more secure, as database access requires one more level of authentication than simply storing content in a file.
If a user pokes around your system and finds your include folder, then all content could potentially be exposed by guessing the paths. Since the database is usually abstracted away from your front-end application, accessing its content by simply guessing url paths is much harder to do.
In addition, your application will probably only expose certain fields from your database to the front-end, (assuming your database access functions are properly written to prevent things like SQL injection etc).
Unless you expect seriously high volumes of traffic on your site, you probably won't notice much of a difference between reading from a file vs. reading from a database.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I was just thinking of possible ways to go about temporary login systems. I was thinking having a bunch of your standard images with a jumbled up word and users type in the word. I would have a MySQL table where all the photos have a unique id, link and answer-key. that way the webpage just has to choose a random number the GET photo where id = random number. then compare what the user types in to the answer key of the photo.
I'm not currently trying to create this system, it seems very simple and I was just trying to think if it is a secure system that would work.
so my question really is, would there security risks with this, is it robust enough to keep out bots, would my site be destroyed 10 seconds after implementing it.
What you're describing sounds exactly like a CAPTCHA system. These are used widely to prevent bots from issuing automated requests against an interface. The problem is that it's hard to make images that a bot can't just interpret anyway.
Outsmarted: Captcha security not much of a gotcha is an article about some Stanford researchers who developed an image-recognition tool (which is not publicly available) to test captcha implementations:
Decaptcha was able to decode 66 percent of the Captchas used by Visa's Authorize.net payment site, 70 percent of Blizzard Entertainment's Captchas -- the company's games include World of Warcraft and Diablo -- and 25 percent of Wikipedia's. About one-fifth of Digg.com's Captchas and almost that many of CNN.com's were decodable.
The researchers recommended Google's reCAPTCHA as a much more effective system. You can add a reCAPTCHA widget to your own website. This would be safer and easier than trying to develop your own and find it to be too weak.
Short answer: No, it's not secure. If someone really wants to hack your system he can build his own database of image-word.
The key is to invest in security less than it will cost you if your system will be compromise, so I won't invest in a security system too much (it sounds like you don't really have a sensitive information to hide).
BUT, you have an easy & free solution. You can use reCaptcha, not only it's much more secured, you'll help digitize some useful information.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I am new to IOS development.
I am going to make a Bilingual Dictionary App for IOS. I have two options in front of me for choosing database. SQLlite and MySQL.
If I choose SQLLite then I believe I will have to pack the database with the app. Every user who will use this app the database will be downloaded to his device.
is it a good approach ?
or I should use MySQL ? that stays on the server and app will connect back and forth to get data from it.
Please guide which database should I use for Bilingual Dictionary Mobile app ?
Or If there is anything else I am missing ?
Thanks in advance !!
There are advantages and disadvantages to each, depending on the functionality and user experience you prefer. Unless you plan to update the content frequently, you wouldn't expect it to change constantly, so there isn't an essential need to provide dynamic content. However, hosting the content online can save a lot of space, which for some mobile users may be limited.
However, to me the most important factor to consider is that as a bilingual dictionary, you may have a substantial market of people who are travelling. People who are travelling often don't have data service, and thus must rely on wifi if they want to access this dictionary. As someone who travels with my cellphone, having a dictionary which does not require a data connection is a major functional advantage, and as a designer I would want to provide this functionality, even if just as an option. This may change if you expect that the greater part of your market is not going to use it while travelling.
Agree with Mitch Goshorn's answer. I don't know if you're worrying about the "security" of your database or you just want to save space on device. But I suggest the local one (SQLite). In case that you don't want user to steel your database by hijacking the application folder, you may want to think about encryption. Sorry if this is not considered to be an answer cause I don't have enough reputation to comment.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Please read before you answer: I don't need any opinion-based answers or "nosql vs sql which is better" debates on the subject, just facts.
I want to slowly convert a php+mysql website I wrote with Symfony2 into a real time application using backbone with nodeJs + websockets.
I want to make a slow transition by changing single features, since I don't want to break a fully functional site.
I have been educating myself about NodeJs by reading books and watching Tutorials and there is one thing I noticed, I own more than 5 nodeJs books and none of them use MySql although its fully supported by node.
They all use MongoDB.
Here is my situation
1. My Website is already integrated into MySql(Doctrine)
2. My MySQL setup is fully functional and needs no improvements so far
I'm really frustated and I have a few questions:
Why is MySql not prefered although its a more mature piece of technology?
What are the advantages of moving to MongoDB over MySQL for the purpose of having a real-time application??
I've seen people choose Node/Mongo development because of the simplicity of the all-JavaScript stack, I've seen people choose Mongo because it's the New Hotness, and I've seen people choose Mongo because it's actually the right tool for the job: they have a large amount of document-like, unstructured data and/or they want to take advantage of Mongo's support for horizontal scaling, among other differences between MySQL and Mongo.
I'm not sure it's possible to answer this question in a non-opinion-based manner and without touching on Sql vs NoSql. Mongo is simply a tool, and it happens to be free and commonly used in the field with Node. If I were writing a Node tutorial, I'd probably choose Mongo too, because it's common and it's cool.
If Mongo is the right tool for your site's use cases, then the transition is probably worth it. If MySQL is the right tool for your site, then congratulations! You've just saved a bunch of time rewriting your DB in Mongo.
As an aside- if your question uses the word "preferred", I can't really think of a way for it to not be opinion-based, by definition.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
This is not something I want to do myself, but it's a question/problem I can't get out of my head.
If you distribute open source-program/classes/libraries, how can you make sure the user has purchased a license? Would it not be very easy for programmers to just remove the license-part of the product and distribute it or use a pirate-version?
Take Invision Power Board for instance. It is written in PHP (i.e completely open and editable) and you have to buy a license to be able to use it. How can they make this limit? Do they authenticate the forum towards their servers? If they do, would it not be easy to simply remove this function?
Another example that I have even more problem understanding is HighCharts, a JS library to draw graphs. They offer a free version with their name on each graph. If you purchase the product, the label is gone. How do they do this?
I know this question is a bit wide and open, but I am just asking for a way to prevent people from simply editing out the license/blockade? What is the essence in this?
There are no license purchases for true "open source" libraries or programs, because the essence of open source is that the code is free and you can build/deploy it yourself at will.
What you're talking about is commercial software that might use a codebase that is easily visible/editable. It's not marketed as "open source," but the source code is easily accessible and potentially easily modified.
There are various mechanisms for obfuscating or hiding the content of the code that some products would choose to use, which make modifying the code more difficult. For example, there are various ways of pre-compiling PHP code rather than distributing the raw files (see this question for examples).
However, the biggest thing that you lose out on with most software of this sort is support. If you're a serious user of a complex piece of software, especially a business user, you would typically want to know that you have a commercial support plan in place for any critical software. The kind of user that would crack/pirate such software (that is, individuals or small companies) aren't likely to be as significant to the vendor.
On the internet there's a further obvious avenue: if a significant public site were using Invision Power Board, they would soon notice and could demand suitable license (or take legal action).
Ultimately, this kind of abuse is very difficult to prevent if someone is determined enough: you are very much at the whim of your users.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Can anyone give me some insight into CMS migrations from Typo to Joomla? I have a fairly large Typo site that needs to be updated and put into Joomla on a new host. I'm most concerned about the database side. Both sites use MySQL but at some point I'm going to have to do a data migration between the two and I have no idea if there are major pitfalls along the way. Has anyone done this before?
Having looked around on Google, I couldn't find anything about migrating from Typo to Joomla. I assume the migration would be far too complex as they are completely different system and Typo isn't as popular as the likes of wordpress. To be honest, you might want to consider starting the Joomla site from scratch.
Download Joomla
I'm not sure what extensions you are currently using on your site, but I'm sure the Joomla Extensions Directory will provide you with most things that suit your needs.
As for template, I'm not sure if you want to use commercial or non-commercial ones, so I'll provide a bit of both.
Commercial:
Yootheme and Rockettheme have always been my first choices when it comes to templates, due to reliability, style and mobile compatibility.
Non-commercial:
Yootheme's Master Theme is completely free which is based on their Warp framework. It's a fairly basic template but with some modifications, it can be made to look better. Shape5 provide 3 free templates, Vertex being my favourite. Joomlart have 2 free templates. Finally, JoomForest provide 2 free templates, JF-Corporate being my favourite as it also comes with a template for the Kunena Forum and JomSocial, which good and free ones are hard to come across.
I know this didn't answer your questions but I would definitely recommend starting from scratch as it will most likely save you the hassle.