Using Joomla on government website
Hi there,
I am a new member and appreciate your time and feedback on my topic.
Just had a question regarding using open source programs on a government website. Is this a do or don't?
I have the opportunity to upgrade a government agency website but am iffy about upgrading their website with the foundation being Joomla based. To my mind, it poses a security risk, being that the code is published and open, and anyone could look at the security flaws in the software and decide to hack a government level website.
Does anyone else have any intelligent thoughts on this subject and should it be done and used for commercial applications??
Cheers for your feedback
demonhale posted this at 02:38 — 31st May 2006.
He has: 3,278 posts
Joined: May 2005
My thoughts are, if you're using Joomla for purposes other than displaying information then there is this risk in security. But if you're planning to use Joomla just for displaying stats, pictures, current events, and any other purely content related, then it's a good way to use Joomla to ease the maintenance of the site...
itchy posted this at 02:50 — 31st May 2006.
They have: 6 posts
Joined: May 2006
Hi there,
Thanks for your reply - much appreciated.
How do you define "other information"? I have been to the Joomla website and have post after post of people who have had their Joomla sites hacked including some 1.0.8 versions.
Sorry to drone but am very anxious about this.
demonhale posted this at 03:08 — 31st May 2006.
He has: 3,278 posts
Joined: May 2005
I mean if you use it for example with payment systems then the security is an issue, although any good script will be eventually hacked, it is best if you always upgrade the version of the script/software you have and always back up your site, that's the only way to deter hackers... even if I suggest a different CMS (content management system) it's not 100% that it will remain secure...
Abhishek Reddy posted this at 06:59 — 31st May 2006.
He has: 3,348 posts
Joined: Jul 2001
You'll want to carefully consider a decision in these circumstances.
I expect most governments in developed countries have some sort of protocol in making decisions with regard to IT security. New Zealand, for example, has a manual of guidelines (SIGS). Though I'm not well-versed with it, I'd imagine there are processes involved such as conducting a security survey along with a viability study that may be satisfied.
NZ also has an e-govt initiative where policies on open source and trust and security are set out. The checklist treats security as 'mandatory'.
I'm not sure if all that is relevant or not, as NZ is just one example. Look up similar documentation that applies for the government you're working with.
As a base line, the previous advice given in the thread is good common sense. If the system you're building carries out important business processes, then you'll want to protect it as much as is feasible. If it's just for presenting less important data, then a simple approach to security could be considered.
Whether simply being open source presents an increased risk, I think is moot. I just can't see free or open source software being inherently less secure. The more visible a security hole is in the code, the sooner it gets patched. Of course, this can vary from project to project (as with proprietary software), so if you think Joomla is not secure enough by its own merit, then you might not want to risk it.
In any case, I expect you'll have to meet some sort of legal standards and guidelines with it being a government website, so it's best to consult someone who can advise you about it. Discuss it with the agency and follow it up with whatever department is responsible for that sort of thing.
Disclaimer: I am not a lawyer. The above is opinion, not legal advice, etc etc.
itchy posted this at 20:23 — 31st May 2006.
They have: 6 posts
Joined: May 2006
Great advice Abhishek, I appreciate all the feedback!!
Cheers
iTchy