itchy — Wed, 31 May 2006 20:23:56 +0000

great advice abishek, I appreciate all the feedback !!

Cheers
iTchy

Abhishek Reddy — Wed, 31 May 2006 06:59:49 +0000

You'll want to carefully consider a decision in these circumstances.

I expect most governments in developed countries have some sort of protocol in making decisions with regard to IT security. New Zealand, for example, has a manual of guidelines (SIGS). Though I'm not well-versed with it, I'd imagine there are processes involved such as conducting a security survey along with a viability study that may be satisfied.

NZ also has an e-govt initiative where policies on open source and trust and security are set out. The checklist treats security as 'mandatory'.

I'm not sure if all that is relevant or not, as NZ is just one example. Look up similar documentation that applies for the government you're working with.

As a base line, the previous advice given in the thread is good common sense. If the system you're building carries out important business processes, then you'll want to protect it as much as is feasible. If it's just for presenting less important data, then a simple approach to security could be considered.

Whether simply being open source presents an increased risk, I think is moot. I just can't see free or open source software being inherently less secure. The more visible a security hole is in the code, the sooner it gets patched. Of course, this can vary from project to project (as with proprietary software), so if you think Joomla is not secure enough by its own merit, then you might not want to risk it.

In any case, I expect you'll have to meet some sort of legal standards and guidelines with it being a government website, so it's best to consult someone who can advise you about it. Discuss it with the agency and follow it up with whatever department is responsible for that sort of thing.

Disclaimer: I am not a lawyer. The above is opinion, not legal advice, etc etc.

demonhale — Wed, 31 May 2006 03:08:20 +0000

I mean if you use it for example with payment systems then the security is an issue, although any good script will be eventually hacked, it is best if you always upgrade the version of the script/software you have and always backup your site, thats the only way to deter hackers... even if I suggest a different CMS (content management system) its not 100% that it will remain secure...

itchy — Wed, 31 May 2006 02:50:23 +0000

hi there,

Thanks for your reply - much appreciated.

How do you define "other information". I have been to the Joomla website and have post after post of people who have had their joomla sites hacked including some 1.0.8 versions.

Sorry to drone but am very anxious about this.

demonhale — Wed, 31 May 2006 02:38:12 +0000

My thoughts are, if your using joomla for puposes other than displaying information then there is this risk in security. But if youre planning to use joomla just for displayin stats, pictures, current events, and any other purely content related, then its a good way to use joomla to ease the maintenance of the site...