My blog has moved and can now be found at http://blog.aniljohn.com

No action is needed on your part if you are already subscribed to this blog via e-mail or its syndication feed.

Monday, September 6, 2004
« Data on the Outside vs. Data on the Insi... | Main | Making USB Devices Read-Only »

I am thinking of implementing a content management system for my site and was looking at what is available in the wild. The primary ones that came up on my radar were DotNetNuke, the ASP.NET Community Starter Kit and Rainbow portal.

DotNetNuke seemed to have the most traction from a community support perspective, so I downloaded and installed it.  The first thing that I noticed is that in order to run this portal software, I have to give the ASP.NET process account full CRUD rights on the file system. Hmm... Ah..  Don't think so!  It sure looks pretty though :-)

So following up on my traditional philosophy of "When in doubt, talk to someone who actually knows something about the topic on hand", I pinged fellow CMAP .NET User Group member Scott Allen, who has written a book on this topic (Building Websites with the ASP.Net Community Starter Kit). After talking with Scott about my requirements, I decided that an option would be to start with the ASP.NET Community Starter Kit and modify the code base to meet my own requirements. Those requirements would focus heavily on security, logging etc. and will use threat models to drive the security features. In addition there are some features that are implemented in the CSK, such as skinning and master pages, which I can redo much easier using ASP.NET 2.0. Yes, I needed an excuse :-)

Of course, first I would have to grok the existing code base, which means I will be ordering Scott's book, which has recieved darn good reviews at Amazon.

Tags:: Musings
9/6/2004 5:28 PM Eastern Daylight Time  |  Comments [7]  |  Disclaimer  |  Permalink   
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Thank you for the kind words! The CSK isn't perfect either, but I'm sure you can whip it into shape. :)
Scott Allen
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Hello Anil
<br>
<br>This project sounds interresting and I would be happy to help (I speciallize in Asp.Net Security and have created several CMS in the past).
<br>
<br>So, Count me in (add dinis_CMS_development@ddplus.net to your mailing list).
<br>
<br>Best regards
<br>
<br>Dinis Cruz
<br>.Net Security Consultant
<br>DDPlus
Dinis Cruz
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Hi Dinis,
<br>
<br>I very much appreciate your offer of help, but I do want to clarify the scope here. I am doing this to meet my particular needs and requirements and is not in any way envisioned as a complete CMS that everyone may want to use.
<br>
<br>Having said that, I will most certainly be leveraging a lot of the work OWASP has done per its Top 10 as well as the work that you've done under the OWASP/.NET umbrella and hope to bounce ideas with the folks on the owasp-dotnet list :-)
<br>
<br>Regards,
<br>
<br>- Anil
<br>
<br>
Anil John
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Anil,
<br>it's fairly trivial to remove the need for CRUD with DNN. You can either
<br>(a)Stub out the VerifyFolderPermissions function in components\upgrade.vb, and recompile. This works fine, but only allows for 1 portal as creation of child portals requires folder creation
<br>
<br>(b) develop on your local machine, but with the connectionstrings set to your live db server, and then simply ftp up the folder structure when you're ready.
anon
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Thanks anon..If I go down the DNN path, that is definitely what I will do.
Anil John
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Anil,
<br>Have you tried .NET Nuke. It is an open source one.
<br><a target="_new" href="http://dotnetnuke.com/">http://dotnetnuke.com/</a>
Shaji Sethu
Sunday, May 8, 2005 12:06:44 AM (Eastern Daylight Time, UTC-04:00)
Yes, I tried .NET Nuke (as noted above), just spelled it wrong (DotNetNuke) :-), which is what kicked off this entire thing..
Anil John
Comments are closed.