Simple CMS Frameworks

I have some experience with using DotNetNuke as a CMS. It’s free, open-source, and has pretty good engineering. There are plenty of add-on modules available from sites like Snowcovered. Some of the UI elements are irritating: like a lot of early ASP.NET sites, there are too many postbacks, but it works well in general, and is easy to manage.

Community Server is targeted at a different market, and is ready-made for a typical portal site, with blogs, file downloads, forums etc.; whereas DNN is more like a toolbox, Community Server is one of those 5-in-1 screwdriver/drill combos. The asp.net site now runs Community Server, not surprising, since both are Microsoft-driven.

CMSs like PHP-Nuke are hopelessly out of date and riddled with bugs. In 2006 there is no excuse for having any SQL Injection vulns in web applications. Just do not execute raw SQL from the code: use Stored Procedures and parameters!

Joomla! is a fresh effort built on the base of Mambo, and is so far free of major bugs. It supports a flexible templating system, and has a bunch of nice features out of the can. It is, however, written in PHP, which is not very secure; PHP is seen by many as the scourge of the internet.

Decent Coding Fonts

Via Matt Reynold’s blog, we have ProggyFonts – a collection of small, clean fonts for use in big fat IDEs like VS 2005.

It makes a big difference to have small, readable fonts that don’t take up the whole screen, or degrade nastily at 7pt.

Oracle on AJAX

AJAX has received a lot of hyperbole over the last year or so, with some people renaming the web to “Web 2.0” [groan] in its honour. It allows websites to present a richer, more interactive interface, breaking the “click Next” sequential, disconnected web paradigm.

Personally, I believe that – in moderation – a bit of AJAX can be a good thing (think: Google Maps) but that there is a danger of really breaking the normal web programming model. Google has thought about this, and has some useful guidelines for AJAX applications, along with a nice AJAX toolkit, which allows you to build applications in Java which are then compiled down to JavaScript. Anything which auto-generates compliant and working JavaScript, and therefore saves me from writing the stuff by hand, has to be A Good Thing. Writing JavaScript makes me feel unclean 😉

AJAX is here to stay, though, at least for the next couple of years. Oracle have put together a series of articles on AJAX from a JSF perspective, which explain the basics of AJAX rather nicely.

Mail: Enabled

At this point, I am inclined to decide that SMTP stands for “Stoopid Mother Truckin’ Program”, after some frankly bizarre shenanigans with SMTP on one particular server. Thankfully, MailEnable came to the rescue. This is a well-engineered bit of software, and best of all, it’s free, even for commercial use (Enterprise users pay for high-end features).

The difficulties arose with a DotNetNuke installation, in combination with some stubbornly unconfigurable SMTP services. For example, the main SMTP server on the machine could not be configured to talk to web applications, and a second SMTP server program was available to do this, on another port (i.e. not port 25).

HOWEVER, it turns out that DNN does not allow you to specify an SMTP server on a port except port 25. In other words, a setting like this will not have the desired effect:

localhost:587

The port is ignored by the System.Web.Mail.SmtpMail class as used by DNN. I checked the source for DNN 3.2.2, and the port number is NOT parsed out from the servername string. This seems to me to be a serious limitation. A line or two of extra code would enable mail sending on alternative ports: parse out the port number, and if it’s there, set the port explicitly for the mail message before sending:

' line 152 of Mail.vb:

' external SMTP server
If SMTPServer <> "" Then

    ' TODO: parse out port number here

    Web.Mail.SmtpMail.SmtpServer = SMTPServer
    Select Case SMTPAuthentication
        Case "", "0" ' anonymous
        Case "1" ' basic
            If SMTPUsername <> "" And SMTPPassword <> "" Then
                objMail.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 1
                objMail.Fields("http://schemas.microsoft.com/cdo/configuration/sendusername") = SMTPUsername
                objMail.Fields("http://schemas.microsoft.com/cdo/configuration/sendpassword") = SMTPPassword

                ' TODO: Insert port here...

            End If
        Case "2" ' NTLM
            objMail.Fields("http://schemas.microsoft.com/cdo/configuration/smtpauthenticate") = 2
    End Select
End If

So I was left having to use a server on the default port 25, but with only a single machine it’s tricky to get SmartHost relaying working properly (in fact, it might be impossible – I haven’t checked the RFCs).

In the end, I disabled the two existing SMTP servers, and installed MailEnable from http://www.mailenable.com/standard_edition.asp – it is very easy to use and configure. Crucially, it can listen on two different ports, and had no limitation with respect to web applications.

I highly recommend it if you are having similar problems.
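
One way to do the port parsing described in this post, as an added example (not DNN's code and not the author's): a hypothetical helper, TrySplitHostPort, splits a "host:port" setting, validates the port, and defaults to 25 when none is given. Assigning the result to the mail message is shown only as a comment, and the sample settings in Main are constructed.

```vbnet
Imports System
Imports System.Globalization

Module SmtpServerSetting

    ' Hypothetical helper (not part of DNN): splits "host" or "host:port".
    ' Returns False for input that should be rejected rather than guessed at.
    Function TrySplitHostPort(ByVal setting As String, _
                              ByRef host As String, _
                              ByRef port As Integer) As Boolean
        host = ""
        port = 25 ' default SMTP port when the setting names none
        If setting Is Nothing Then Return False

        Dim value As String = setting.Trim()
        If value.Length = 0 Then Return False

        Dim idx As Integer = value.LastIndexOf(":"c)
        If idx < 0 Then
            host = value
            Return True
        End If

        ' More than one colon is not host:port (e.g. a bare IPv6 address).
        If value.IndexOf(":"c) <> idx Then Return False

        Dim hostPart As String = value.Substring(0, idx)
        Dim parsed As Integer
        If hostPart.Length = 0 Then Return False
        ' NumberStyles.None: digits only, no sign, spaces or separators.
        If Not Integer.TryParse(value.Substring(idx + 1), NumberStyles.None, _
                                CultureInfo.InvariantCulture, parsed) Then Return False
        If parsed < 1 OrElse parsed > 65535 Then Return False

        host = hostPart
        port = parsed
        ' A caller would then set SmtpMail.SmtpServer = host and
        ' objMail.Fields("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = port
        Return True
    End Function

    Sub Main()
        ' Constructed sample settings, valid and invalid.
        For Each s As String In New String() {"localhost:587", "localhost", "localhost:0", "mail:99999", ":25", "::1"}
            Dim h As String = ""
            Dim p As Integer
            Dim ok As Boolean = TrySplitHostPort(s, h, p)
            Console.WriteLine("{0,-14} ok={1} host={2} port={3}", s, ok, h, p)
        Next
    End Sub
End Module
```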

Secunia

Secunia is an excellent site, listing outstanding and historic vulns for all major (and many minor) software products. For example, compare security flaws for DotNetNuke with the flaws for PHP-Nuke. There is clearly no competition there. Alarmingly, Firefox has 12% unpatched vulns since 2003, but of course stats can lie.