CMS Decision

[Steven Peck]

Greetings,

I was pointed to this discussion by one of the developers in the
Drupal community who did not have time to follow up.  While I am not
about to step into your decision about which CMS to use as you need to
pick one that fits your needs and mission, I have to disagree with
this statement;

>On Mon, 2005-12-05 at 16:58 -0600, Patrick Barnes wrote:
>> If we decide we need a CMS solution, what can we do to make a PHP
>> solution like Drupal as secure as possible?  We can disable XML-RPC.
>> What other features would we need to disable?  Would this cripple Drupal
>> beyond usefulness?
>
>Hell yes.
>
>http://secunia.com/advisories/17824/
>
>--
>Ignacio Vazquez-Abrams <ivazquez ivazquez net>

Disabling XML-RPC does not cripple Drupal.  It does not even seriously
impact Drupal at all.  Without it, you will not be able to use remote
blogging software such as http://blogtk.sourceforge.net/.  Nor will
you be able to configure it to remotely pull flickr images through the
blogapi.  Of course, you might want this functionality, many people do
which has always confused me ...

The security vulnerability was discovered within the community, fixed
quickly and announced by the developers.  Please note that the XML-RPC
vulnerability was with the library used by Drupal and many other
projects.  Drupal now uses a different library as a result. 
Additional focus has been added to help ensure that such a
vulnerability is less likely to happen again.

Like Greg Knaddison, I just stopped by to answer any specific
questions about Drupal.  I will remain subscribed for a few days, but
you folks need to decide what CMS meets your needs and usage.

I think Drupal would work for you, but I'm sort of biased. :) 
http://drupal.org/user/5195
I now return you to your regularly scheduled discussion.

-sp