CMS Content Management System the RIGHT way
Posted December 1st, 2007 at 03:41 AM by JustinStudios
Updated December 2nd, 2007 at 12:42 AM by JustinStudios
I've had way too many requests, and since I couldn't sleep I thought I'd give some pointers about CMSs (Content Management Systems). While this is nowhere near the full depth, I thought I'd give some helpful tips about client deletion do's and don'ts, as well as some basic security information.
Most people don't really understand what a CMS is supposed to do. A CMS is supposed to give the client complete "FOOL PROOF" control over the site. The key word for those that missed it is "FOOL PROOF". If it is something that can break the site down then don't give them that power.
RULES FOR ALLOWING CLIENTS TO DELETE -
If your client wants to delete, give them a button that says "Delete", but in reality have it flag the content in question so that it no longer shows up. This means coding the entire site to respect the flag, but this way, if they accidentally delete a user or content, it can be fixed. Another wonderful idea is to create a database called Graveyard. Graveyard contains all the tables from the main database. When data is "deleted" from the main database, it is first written to Graveyard and then removed from the main database table. By doing this you make restoring deleted content an option.
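Both deletion rules above, as an added example that is not the author's code. It assumes SQLite, a sample table named pages, a deleted_at flag column, and an attached in-memory database standing in for Graveyard; all of those names are illustrative.

```python
import sqlite3

def open_db():
    # Constructed sample data. "graveyard" is a second database attached to the
    # same connection, mirroring the live "pages" table.
    db = sqlite3.connect(":memory:")
    db.execute("ATTACH DATABASE ':memory:' AS graveyard")
    db.executescript("""
        CREATE TABLE main.pages (id INTEGER PRIMARY KEY, title TEXT NOT NULL,
                                 body TEXT NOT NULL, deleted_at TEXT);
        CREATE TABLE graveyard.pages (id INTEGER PRIMARY KEY, title TEXT NOT NULL,
                                      body TEXT NOT NULL, buried_at TEXT NOT NULL);
        INSERT INTO main.pages (id, title, body) VALUES
            (1, 'Home', 'Welcome'), (2, 'About', 'Who we are'), (3, 'Contact', 'Call us');
    """)
    return db

def visible_titles(db):
    # Every public query has to filter on the flag: the "code the entire site" cost.
    rows = db.execute("SELECT title FROM main.pages WHERE deleted_at IS NULL ORDER BY id")
    return [r[0] for r in rows]

def flag_deleted(db, page_id):
    # What the "Delete" button really does: hide the row, keep the data.
    with db:
        db.execute("UPDATE main.pages SET deleted_at = datetime('now') WHERE id = ?", (page_id,))

def unflag(db, page_id):
    with db:
        db.execute("UPDATE main.pages SET deleted_at = NULL WHERE id = ?", (page_id,))

def bury(db, page_id):
    # Graveyard variant: copy first, then remove, inside one transaction so a
    # failure between the two steps rolls back instead of losing the row.
    with db:
        cur = db.execute("""INSERT INTO graveyard.pages (id, title, body, buried_at)
                            SELECT id, title, body, datetime('now')
                            FROM main.pages WHERE id = ?""", (page_id,))
        if cur.rowcount != 1:
            raise LookupError(f"no page {page_id} to bury")
        db.execute("DELETE FROM main.pages WHERE id = ?", (page_id,))

def exhume(db, page_id):
    # Restore: the reverse move, again as a single transaction.
    with db:
        cur = db.execute("""INSERT INTO main.pages (id, title, body)
                            SELECT id, title, body FROM graveyard.pages WHERE id = ?""", (page_id,))
        if cur.rowcount != 1:
            raise LookupError(f"no page {page_id} in graveyard")
        db.execute("DELETE FROM graveyard.pages WHERE id = ?", (page_id,))
```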
SECURITY -
So you created a wonderful CMS and now you're ready to go live. Someone who isn't your client types /admin151234 (let's say you thought that made it secure) and they now have full control of your client's site. ALWAYS password protect the pages of the CMS. Each and every page should check whether the user is logged in as the Admin. Before they log in, don't let the user see anything at all except "You're not authorized to be here, please login".
A user should automatically be logged out of an admin section every few minutes (some say 10, others 30), and a cookie should never be used to save login information (for CMS purposes). While saving the login does make it easier for your client to go straight into editing, it can be bad if they use it on a public computer and then the person behind them gets on it. I know it sounds ridiculous, but I have had it happen more than once and I quickly learned from this mistake. People on public computers LOVE to hit the history button and visit the sites that the person before them just went to. If your client complains to you about this, simply explain that it is a security feature and that if they would like their username and password to be saved they should download Firefox and use the password manager there. Of course, if the client isn't satisfied with that answer, simply let them know you will do it, but explain the reason you didn't want to do it.
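The per-page admin check and the idle logout described above, as an added example that is not the author's code. It assumes a framework-free handler style and an in-memory, server-side session table; login, require_admin, edit_page and the 10-minute limit are illustrative names and values, and the session token is an opaque random value, so no username or password is stored on the client.

```python
import secrets
import time

IDLE_LIMIT = 10 * 60  # seconds; the post cites anything from 10 to 30 minutes
DENIED = (401, "You're not authorized to be here, please login")
SESSIONS = {}  # token -> {"user", "is_admin", "last_seen"}; kept server-side only

def login(user, is_admin, now=None):
    # Assumes the password was already verified before this call.
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = {"user": user, "is_admin": is_admin,
                       "last_seen": time.time() if now is None else now}
    return token

def require_admin(handler):
    # Wrap every admin page handler so that knowing the URL is never enough.
    def guarded(token, *args, now=None, **kwargs):
        now = time.time() if now is None else now
        session = SESSIONS.get(token)
        if session is None:
            return DENIED
        if now - session["last_seen"] > IDLE_LIMIT:
            del SESSIONS[token]  # idle logout: the token is dead from here on
            return DENIED
        if not session["is_admin"]:
            return DENIED
        session["last_seen"] = now  # real activity resets the idle clock
        return handler(session, *args, **kwargs)
    return guarded

@require_admin
def edit_page(session, page_id):
    # Hypothetical admin page, reachable at a URL such as /admin151234.
    return (200, f"{session['user']} is editing page {page_id}")
```

The `now` parameter exists only so the timeout can be exercised without waiting; a real deployment would take the token from the request and let the clock default.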
That's just some very basic tips for CMSs. If I have another restless night I will post more.
Total Comments 3
Comments
Thats this helps me to build my next cms
ps you spelt the title wrong
Posted December 1st, 2007 at 05:08 AM by simonb
Thanks for the info! And yes, your title is wrong :: it says "CSM"...
Posted December 2nd, 2007 at 12:33 AM by Stuart
Well I was sleepy
Posted December 2nd, 2007 at 12:43 AM by JustinStudios