10 replies to this topic

[Orjan]

All depending on what kind of site you are building, I would say. If your site have an focus on blogging, Wordpress would be perfect.
Otherwise, Drupal is one of those I've been looking into and even if it might have a high first step to understand,
it's well done and have an amazing set of free user contributed addon modules and themes. Their seventh version
is soon to be released, it's in beta stage now, and will probably be released this year or early next year.

[DEViANT]

I would recommend Joomla! above any CMS package available out there.

[Orjan]

The question about what CMS is best, is the same as the debate about PC vs Mac and Windows vs Linux. All has it advantages and disadvantages, all need their knowledge. Most people has most of the time not got enough into other systems, and therefore suggest the system they have got used to. It's very much a political question, as well as technical and usage thing.

[John]

Wordpress, Joomla! and Drupal are the best open source PHP solutions I have come across.

[SoN9ne]

Then again, open source has it's pros and cons too.
If you have the time and know-how, a proprietary solution is almost always better. At least from a security standpoint.

The option is entirely opinionated as there is no proper answer.
I personally would never use Wordpress. Joomla, or Drupal just because of the limitations and vulnerabilities of the code; unless I were pressed for time or a client insisted and I didn't care to educate them.
It all depends on the project's needs, budget, and timeline.

[Orjan]

Open source is not less secure by definition, as you want it to look like, SoN9ne, many proprietary solutions have security issues as well, and it's not always the companies that patches their software better and/or faster than the open source teams does. Proprietary software has it's cons in that you need to pay, probably both a one-time fee and a monthly or yearly fee for service and/or updates, and if you don't play, you won't get your security updates. Of course, you can never be sure that the open source team do release a security upgrade, but if they upgrade once in a while, it is not a problem. And you can't stand there without updates as you don't need to remember to pay the bill, as there are none.

Another con with proprietary solutions is that you, at most of the time, aren't allowed to alter the product if you need to, and if you need new functionality, you need to buy it, instead of download it for free from the open source website. With for example Drupal 7, you don't even have to download your new addons (modules, themes or other updates) yourself, the system itself can help you with this. Of course, it might be a security hole, but _everything_ on the net might have one or more security holes, open source or proprietary or any other classification.

most of the proprietary systems has as much limitations as the open source ones, or wait, proprietary... just the word mentions another bunch of limitations open source doesn't have.
Regarding vulnerabilities, proprietary doesn't give a guarantee that there are no vulnerabilities, but if you're lucky, and the Terms Of Service gives you an opening to have some money back. If anyone of those companies would leave a opening for it. likely? well, probably not.

So, it's not only open source that has it's pros and cons, proprietary solutions has theirs as well.

[Alexander]

IMO the community is the best part of the security when regarding open source. People are encouraged to review code and speak about problems, or connect to the creator(s) and find a fix and communicate it.

[SoN9ne]

I agree with both of you but open source is more vulnerable since the code is in the public domain.
Sure there are communities to help with security expertise but many users don't understand what is being said.

I was mentioning proprietary as in creating your own software, not purchasing it from someone else (even purchased software is more vulnerable to being attacked than custom systems).
This is more secure because your vulnerabilities are not in the public domain and hackers would have to attack your system to find holes.
Any decent system administrator would be able to identify and prevent these attacks; there will still be security concerns but not as many as using open source.
Open source has much more security concerns than proprietary... that's all I care about. Ideally, security should be the first concern but unfortunately budget and time always take priority.

I do agree with your assessment of any purchased proprietary solution. This is why I am a fan of building your own system instead of using others.
I use my own custom framework for all my solutions to ease future projects. It took me years to perfect my framework but I built it around security and it has never been hacked to-date.
I cannot say this about Wordpress, Joomla, or Drupal as I have seen all of these hacked before. Of course, you could argue that they have a much larger client base and that's why but that only proves my point.

Naturally, any software will have a security vulnerabilities but you cannot deny that proprietary is more secure if only for the fact that the vulnerabilities are not publicly available.
Of course a program is only as good as it's creator... this works both ways. I have never heard anyone say that open source is more secure than proprietary... it's not.

I never implied that proprietary solutions don't have pros and cons, this is obvious.
Proprietary is almost always a better solution; open source is simply cheaper and faster but it doesn't outweigh the risks (from a security standpoint).

As I have already stated, this is entirely opinionated as there is no correct answer, just different point-of-views.
I mentioned proprietary solutions because everyone else is mentioning open source like its the only option. I like to give the other side that everyone seems to ignore.

[Orjan]

Always coding your own is like inventing the wheel each and every time, and it costs a lot of time. In some cases, it's needed. in others, not really. All depends on the purpose and security level needed. Own written code has the disadvantage that it's not being looked into by others, to find things made in an insecure way. You really need to have a perfect coding to ensure the security on your own, without cooperation. For most users, business etc, a pre-made wheel is all what they need, and it would take lots less hours for the customer, as long as you know the system you're working on.

[mnamjad]

The most commonly used cms are Joomla, Magento, Wordpress and drupal. All of them have their advantages and disadvantages. You cant select the best from all these, it all depends on your requirement.

If you need a blog based site then wordpress is the best tool.
If you need to develop a big cms site then Joomla is better.

So all these varies according to the requirements and the selection of CMS depends on your requirement.

One more thing, "Do not reinvent the wheel.". If you think that any of the CMS can give you the required solution then no need to start from scratch.