Tag Archives: Drupal

The Necessity of Patch Management

One aspect of site security is neglected more often than any other: keeping your CMS software patched and up to date. We see this problem occur over and over again. Clients purchase websites with content management systems, then, once we hand the site off to them, they do not keep it patched.

We’ll say it again: You must keep up with your website’s CMS software patches! A large number of Joomla! sites were recently compromised by a bot that specifically searched for a very commonly installed extension which had been the subject of a security patch. The hackers knew that many people would have failed to install the patch, so the bot looked for unpatched versions of the extension as a doorway into the site. It worked very well; a number of sites fell victim.

Your CMS software is no different than the software on your desktop, your notebook, your smart phone: There will be patches and maintenance releases and you must install them to keep your site safe from attackers. Also, don’t forget, many times those patches also bring with them new functionality or improved performance, so if you fail to take advantage of the upgrades, you may be missing out on enhancements that also add value to your site.

If you are not comfortable doing upgrades yourself, find someone to help, or contact us. Charges for this type of work are very low — unless of course you have neglected it for too long and you already have a problem — then it gets expensive!

The Lights Beyond LAMP

The 2009 Open Source CMS Market Share Report showed clearly the ongoing dominance of PHP-based content management systems. While the LAMP stack may be the leader in the arena of web content management, it is certainly not the only game in town. For the 2009 Open Source CMS Market Share Report we looked at not only the PHP-based systems, but also the Java and .NET-based systems.


The LAMP stack is populist in nature. Not only does the stack carry the cost advantages of open source, but there also exists a wide assortment of low-cost hosting and a ready (and growing) supply of developers. These characteristics create low barriers for entry and an attractive choice for individuals, hobbyists and small to medium sized enterprises.
While few would dispute that there are numerically more deployments of the common LAMP stack systems, it would be a mistake to assume that this is the only platform that matters. The web content management space is not homogeneous. A hobbyist building a personal site, a small company building an online marketing presence, and a medium-sized enterprise building a portal for customer relationship management are just three examples of widely disparate, yet common, uses. And while it is possible that all three of those groups might be looking at the same systems, it is more likely that those who require higher-level functionality will look beyond the most common PHP-based systems. The argument becomes even more persuasive when you look at enterprise-level clients.

For users who demand more functionality, higher security and more robust platforms, Java-based and .NET-based content management systems hold a strong attraction. Indeed, in the enterprise space, those platforms are more likely to be the first choice. Though it is certain that The Big Three — Joomla!, WordPress and Drupal — continue to improve their offerings and are more capable of supporting robust websites, I think it is fair to state that at this point in time few enterprise clients put them on their shortlist.


We included 4 Java-based systems in the survey: Alfresco, Jahia, Liferay and OpenCMS. Of the four, Alfresco topped the set in virtually all the metrics, in many cases ranking behind only The Big Three PHP systems. It was a very strong showing for a system that is not normally thought of in the context of web content management.

Alfresco had a strong lead in brand recognition and brand familiarity ratings. While Alfresco led Liferay in many metrics, it did not do so across the board; Liferay also performed very well. Liferay showed significantly greater strength in third party support, website popularity metrics and social media prominence. Both Alfresco and Liferay ranked highly in the brand sentiment metrics, with Alfresco coming in third overall in the survey — one of the clear leaders in this key metric. Liferay was not far behind, coming in sixth overall.

Alfresco and Liferay led OpenCms by a large margin in almost all categories, and Jahia not only lagged relative to the other Java-based systems, but was one of the weakest performers of the entire survey group. Most troubling for Jahia has to be the brand sentiment data, which showed Jahia fourth from last in the survey set, with negative sentiment running very close to 50%.

In sum, from my perspective those interested in implementing Java-based open source content management systems for their web sites have a lot to cheer about. There exist several viable choices and at least two strong, growing players. This is a space that is set to grow and remain competitive in both the short and medium term.

The chart below shows the results of our query on brand familiarity to the survey group:

[Chart: brand familiarity]


.NET is not a platform most people traditionally associate with open source, but over the last couple of years that has begun to change. A large part of that credit has to go to DotNetNuke, who have been waving the open source flag and investing heavily in marketing to get that message out. Perhaps no other system in the survey has shown a more concerted marketing effort than DotNetNuke. That marketing has paid off in brand recognition and has opened the door for .NET as an open source alternative in the minds of many consumers.
This year’s survey found that DotNetNuke leads the .NET open source CMS race over the nearest rival, Umbraco, by a significant margin. However, the good news for DotNetNuke seems to stop right about there.

Our survey found an ongoing deterioration in DotNetNuke market interest; a slide that has continued across the last several years. The system also had one of the worst ratios of trial usage to actual usage; in other words, while they were successful in getting prospects to try the system, they were less successful in converting them into actual users. Most troubling of all were the numbers relating to brand sentiment. DotNetNuke finished last of the entire survey set in brand sentiment and was one of only two systems to show more negative than positive responses to the question “What is your general feeling about these companies or projects?” Further corroboration of this conclusion can be found at the Windows Web App Gallery, which lists user rankings for four .NET-based content management systems. Of the four, DotNetNuke is ranked the lowest, lagging behind Umbraco, mojoPortal and Kentico CMS.

The chart below shows the results of the query to the survey group on brand sentiment: Do you feel positive or negative about the following brands/products?

[Chart: brand sentiment]

Aside from the brand sentiment metric, DotNetNuke led Umbraco across the board. However, when you look at the trend in interest levels, there is a sharp contrast: Interest in Umbraco is strengthening. The improvement is slow but steady and the gap between the two systems seems to have closed significantly in the last 12 months. One has to wonder what would happen if Umbraco could match the marketing might of DotNetNuke.

In conclusion, the .NET-based open source CMS market is still wide open. DotNetNuke was certainly the early mover but now seems to be struggling to hold on to that advantage. The arrival of competing systems like Umbraco, and even more recently mojoPortal, shows that there is plenty of room for competition in this space and that things are only going to get more challenging for DotNetNuke.


The data underlying these conclusions can be found in the 2009 Open Source CMS Market Share Report, from water&stone and CMSWire. Download a free copy of the report at: http://www.cmswire.com/downloads/cms-market-share/
Note: This article originally appeared, in slightly different form, on CMSWire.com: http://www.cmswire.com/cms/web-cms/open-source-cms-market-lights-beyond-lamp-005849.php

Ready for the Enterprise?

A quick look at 10 Open Source Content Management Systems which are beginning to find their way inside Enterprise IT Departments.

1. Alfresco

Alfresco is the new kid on the block. (The first public release just hit the streets in October ’05.) The system positions itself as an open source alternative to Windows SharePoint Portal Server. It features a number of desirable document management features including workflow management and audit capabilities. The system is OS independent and can operate on a variety of databases, including MySQL, PostgreSQL, Oracle and SQL Server. Underneath it all lies a heart of Java.

Alfresco offers a dual licensing model, with a free Open Source version of the system and several commercial versions. The Open Source version has more limited user management, but is otherwise largely comparable with the commercial versions of the program.

License: Mozilla Public License (MPL)

2. Bricolage

Bricolage is an interesting system and atypical in a number of ways. The system uses one of the more unusual configurations in this list, employing Perl as the primary scripting language and running off the PostgreSQL RDBMS. It is powerful and highly configurable, but some users may find it to be less friendly to administer than other systems on this list; the power comes at the cost of some usability. The newest version (1.9.1) addresses one of the important shortcomings (the ability to edit an entire story in one textbox), but basic users will no doubt find the administration interface a bit daunting.

Bricolage allows for configurable workflow, complex user hierarchies, multiple output channels, and even supports rollback – a rare feature in Open Source systems. The multi-site management features are particularly impressive. On the downside, Bricolage is relatively boutique and does not have a wide variety of third party created extensions available. Limited commercial support is available.

License: BSD

3. DotNetNuke

DotNetNuke is a bit of an anomaly: an Open Source CMS built on Microsoft’s .NET platform (it employs ASP.NET and VB.NET). The system is supported by a significant community and as a result has available a number of modules which can extend the functionality of the core. DotNetNuke’s strengths lie in the power of the system and the ability to create good looking websites with flexible templating. The downsides most commonly cited are the necessity of possessing the .NET skillset (to modify the system) and the existence of only a few third party firms offering professional support.

Despite the name, DotNetNuke is not part of the phpNuke, PostNuke family. The system actually began as a free demo application released by Microsoft as part of their efforts to promote the .NET platform.

License: BSD variant

4. Drupal

The Drupal system has quickly won a devoted following. The popularity stems from a variety of factors: the easy to use and widely available LAMP platform, the PHP-based code, the ability to run either MySQL or PostgreSQL, and the easy to use admin system. The community surrounding the Drupal project is large and has developed a wide assortment of modules for the platform. This system has been translated into a number of languages. Templating with the system is not necessarily the easiest, but should present no problems to anyone with PHP skills.

Drupal’s forte is community-oriented content and the site works very well at that level. The system has been the target of some criticism relating to security, but the vulnerabilities are frankly no worse than anyone else’s. Only limited commercial support is available through third parties.

License: GPL

5. eZ Publish

Though not as widely known as some of the other systems on this list, eZ Publish enjoys a good reputation and claims to have more than 1,000,000 downloads to date. The system is backed by a corporate partner, eZ Systems, which bases its business model on a dual licensing scheme that allows it to sell a professional version of the product, along with add-ons and support. Without a large developer community to support it, eZ Publish lacks the wide choice of add-ons you find with some of the other systems on this list, but you can find the most common items, including a large number of translations and solid commerce options.

While it is powerful, the system does receive some criticism for being less than user-friendly and a bit bulky. Still, that said, if you are looking for a hardy application with commercial support and backing, it is definitely worth looking at.

License: multiple licenses

6. Magnolia

Magnolia was launched just over 2 years ago and in that time has gone through some serious improvement and evolved into a powerful system. More framework than CMS, the current version is based on the Java Content Repository Standard JSR-170. The Magnolia Server (or Framework) includes options for content management, document management, and business process navigation (BPN). Backed by the firm obinary, Magnolia presents a rather complicated dual licensing model. The CMS component and Magnolia Server can be used free of charge, but document management and the BPN module are fee-based.

Magnolia is built around J2EE and while it can be run on all common operating systems, the JDK requirement will be a show stopper for some. As the system lacks a large developer community, extension modules are few and far between. Professional support, however, is available from obinary.

License: dual licenses

7. Mambo

Mambo is built on the LAMP platform and employs PHP as the scripting language. It is one of the most popular Open Source CMSes, largely due to the ease of installation, the ease of use, and the wealth of options for extending the core. The downsides from an enterprise perspective, however, are significant, as Mambo lacks the ability to handle complex workflow, highly granular user management, rollback or multiple site administration.

The system makes up for many of the drawbacks with its flexibility and the ease with which the code can be modified to suit the users’ needs. Mambo is highly configurable and the PHP code base is very tolerant of modification. The templating is simple and effective, allowing for extensive control of a site’s look and feel. The system is backed by a nonprofit Foundation and commercial support is available from third party vendors.

License: GPL

8. Midgard

Midgard provides a CMS framework which runs atop the LAMP stack, utilizing PHP as the scripting language. The system also provides integration interfaces with Java and C, giving it more flexibility than many of the systems on this list. That said, it is the sort of system programmers will love, but users may find less enticing – even installation can be a bit of a challenge for basic users. There is a limited number of extensions available for this system.

Midgard is an ad hoc community-driven project. Some commercial support is available through third party vendors.

License: GPL

9. OpenCMS

OpenCMS is based on Java and XML and has the flexibility to run on just about any platform. The system includes good user management, the ability to run multiple sites from one installation, and support for multiple languages. Commercial support is available from the parent company, Alkacon, and a number of other vendors.

On the downside, OpenCMS lacks a certain amount of flexibility. Templating and modifying the codeset can be a bit of a challenge given the site’s use of JSP. Moreover, the admin system, while relatively easy to use, lacks some of the advanced features available in other systems on this list. As a result of these limitations, OpenCMS sites often struggle to achieve a distinctive look and feel, tending rather toward a more uniform “portal” look.

License: LGPL

10. Plone

The Plone system has built a diehard cadre of devotees. The system is the most “exotic” on this list, being built primarily in Python and running off the Zope framework. If you’ve the stomach for Python and Zope, you should look at Plone. It is powerful, flexible and loaded with potential. The developer community which has quickly grown around this program is dedicated, verging on fanatical. They have created a number of innovative and desirable extensions for the Plone core (largely courtesy of the power of Zope). The admin interface is friendly and easy to use. Plone’s client list is quite impressive, including eBay, Lufthansa, NASA/JPL, and a number of other firms who clearly have some serious technology credentials.

If Plone can be said to be lacking in any particular area, it is in the document management feature set, which is likely to be disappointing to the enterprise webmaster.

License: GPL