Related
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 9 years ago.
How does Drupal's security compare to Plone's?
Note:
It will be great if the comparison includes V.7 for Drupal and V.4 for Plone.
Thanks
There's a good overview of how Plone handles the top 10 security issues in the web app world here:
http://plone.org/products/plone/security/overview
Organizations like the FBI, CIA and European Network and Information Security Agency (ENISA) all use Plone, if that is an indication.
Plone has the best track record in security of any major CMS, and we take it very seriously. We have an architecture that is built around sandboxing, proper ACLs and a powerful security model.
Drupal has a pretty horrible security record (see the CVE numbers quoted in another comment), as do the other two major PHP-based frameworks (Wordpress and Joomla). Plone is Python-based, but you probably know that already.
Plone makes it easier to write secure add-ons, since we have a proper security model that makes it pretty hard to write code that is inherently insecure. This is different from any other system out there, and is another core differentiator.
(And yes, this answer is biased, I'm one of the founders ;)
The security of the main framework is pretty solid in both cases; the problems are almost always found in the add-on modules, so you need to evaluate each module you plan to use individually.
When searching the "CVE" official common vulnerabilities database, you get the following figures:
Last 3 years: plone 8, drupal 282.
Last 3 months: plone 0, drupal 9
The basic architecture of plone is apparently much more secure. I don't know drupal, actually, but I do know plone. There are no sql injection bugs as there's an non-sql object database behind it. It is a long-running python program, basically, instead of PHP scripts, which makes it easier to have a good solid security mechanism that's harder to break or mis-handle.
(Note: I just did a simple keyword search at http://web.nvd.nist.gov/view/vuln/search . Not all the results I see for drupal can be attributed to drupal, there seem to be some os-level vulnerabilities that somehow show up in the search results).
It's difficult to compare Plone and Drupal on equal metrics. CVEs is not the end-all comparison, and it's arguable how valuable it even is, as an indication of the relative security of the software. Of those 282 Drupal CVEs, how many were for Drupal core? Not 282.
limi can argue that the architecture is more secure, and point to Plone's response to the OWASP Top Ten. Drupal can do the same. And the "who uses it" argument? Well, whitehouse.gov uses Drupal, as well as a large number of other governmental and "enterprise" organizations.
There are several orders of magnitude more developers using Drupal; the higher numbers of vulnerabilities found can just as easily be attributed to more people bothering to look for them. These stats could easily be security by obscurity.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
We don’t allow questions seeking recommendations for books, tools, software libraries, and more. You can edit the question so it can be answered with facts and citations.
Closed 5 years ago.
Improve this question
I am writing embedded applications for different hardware (avr, arm7, tms55xx…) and different rtoses (freeRTOS, rtx, dsp/bios). And every second of them needs to communicate with PC or another digital device. Sometimes interactions logic is very advanced. So I'm interesting in common methodology (like state-machine programming style), protocol specification or library, that could simplify developing such things.
I've been very happy with google's protocol buffers on embedded systems for both data passing and RPC mechanisms. They are quite a bit lighter than XML based systems since the data is transmitted is binary encoded and the decoding the data sent requires minimal processing which is a big plus on cpu usage on the embedded side of the link.
There are readily available libraries for various languages but most importantly C for embedded apps.
OpenJAUS.
It's reflective, composable and standardized (ish)
Works cross-language-cross-platform.
Provides a lot more framework than Protocol Buffers ( which is a neat messaging stack)
It's focussed on robotics, but works for control systems.
In theory a JAUS user interface can operate any JAUS-compliant device, and JAUS systems are intended to compose into a syste-of-systems.
If those things don't make sense then please ignore this suggestion.
Here is an article on Embedded.com on CORBA on embedded systems and 'lightweight' or minimal implementations. The commercial solutions mentioned are for QNX, VxWorks and LynxOS. And another article on RPC on Embedded.com (this one authored by a TI DSP trainer and specifically referencing DSP, so may be relevant to DSP/BIOS).
I strongly recommend that you use Embedded.com's article search, there are probably many similar articles that you will find useful.
VxWorks supports RPC, as does QNX Neutrino.
"Roll your own" has always been my solution where standards compliance and inter-system compatibility is not an issue (i.e. my systems talking to my systems). Doing only exactly what you need is the best way to achieve 'lightweight' perhaps at the expense of flexibility and maintainability.
Recently we developted: https://github.com/EmbeddedRPC/erpc
Give chance to it ;)
Protocols are a natural fit for state machines, so perhaps you could use the very lightweight, open source QP state machine frameworks (state-machine.com). Ready to use QP ports and examples for various compilers are available for AVR, MSP430, ARM7/ARM9, TMS320C28x, PSoC, HC08, M16C/R8C, H8, 8051, PIC18, PIC24/dsPIC, ARM Cortex-M3/M0, and many others.
Note: I work for http://state-machine.com
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
I am learning ASP.NET and would like to know what are the must have tools for developing in ASP.NET. These can be tools for debugging, testing, desinging or other category you think about. Please be specific to ASP.NET development. I would prefer tools that do not cost money since I am doing that for fun at home. I am already using Visual Web Developer 2008 Express.
Thanks,
Tools:
Either ELMAH or ASP.NET Health Monitoring for error logging
Search Engine Optimization Toolkit
Tip/Trick: Url Rewriting with ASP.NET
Resources:
The Offical ASP.NET site
Scott Guthrie's Blog
Testing:
WatiN
Not specific to ASP.NET, but useful:
LINQPad
Scott Hanselman's Ultimate Developer and Power Users Tool List for Windows
Ten Must-Have Tools Every Developer Should Download Now
The Express Editions of Visual Studio are perfectly serviceable for learning ASP.NET.
In terms of specific utilities, I think having a good browser plugin like Firebug (Firefox) or the built-in developer console in Chrome are really handy for seeing whats going in the specific HTML or javascript.
Afterwords, if you find you need functionality thats not in the Express Edition, then upgrading to the full version of Visual Studio is highly recommended.
Something to watch the response and request headers, like Firebug or Fiddler. You can use these to see cookies, caching directives, etc... It's a great way to learn the ins and outs of http, and since you're talking about ASP.NET, you should have a good understanding of the protocol. I'd even take a peruse through RFC 2616, the suggested http standard, though not strictly followed by browsers.
http://www.w3.org/Protocols/rfc2616/rfc2616.html
Fiddler: http://www.fiddler2.com/fiddler2/
There's also HttpWatch, but it's not cheap, but there is a basic version.
http://www.httpwatch.com/
Of course there are all those ajax/javascript libraries like jQuery, Prototype, Dojo, MooTools, etc..., though they strictly aren't utilities, but incredibly useful.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Questions asking us to recommend or find a tool, library or favorite off-site resource are off-topic for Stack Overflow as they tend to attract opinionated answers and spam. Instead, describe the problem and what has been done so far to solve it.
Closed 9 years ago.
Improve this question
First of all - I've seen this question, but mine is a bit different.
What I need is some framework for logging debug information. This information will NOT be present in production environment. It will be used for tracking down performance problems and other generic bugs. Especially for performance problems, so it will be used a lot together with load testing.
Therefore I expect that the logs will have a lot of messages and going through them by hand to find the slow ones is NOT an option.
At first I thought of using the build in Trace facilities of ASP.NET. They even have this great tool which would be perfect for my needs. Unfortunately, it seems that the ASP.NET trace is fundamentally flawed and cannot be relied upon, especially under heavy load. :(
So now I need something else, and it should come with a good analysis tool. Anything you could recommend?
Log4Net is a common logging framework used in FOSS projects.
Other good tools are using Enterprise Library logging and global exception handling (this is useful even in production environments to have.)
I'd also recommend Log4net. You can configure it to output messages to log files, database, etc. If you're looking for a good viewer, you can set up the UdpAppender, and then use a tool like Chainsaw to read the log messages. It's Java based though, so if you really want to avoid it, you could also try Log4net Viewer.
For more information and details on how to set things up, check out Using Chainsaw with Log4net.
Visual Studio Test Edition comes with a lot of what you're talking about.
You could also look into using ANTS from RedGate to profile for performance bottlenecks.
If price is a barrier you'll probably want to go with log4net.
There are a couple parsers for log4net out there.
I would recommend log4Net aswell, you can configure it to use several output types, so you can exactly configure how you like your logs to be created.
You might want to take a look at our logging tool SmartInspect, as it comes with a quite powerful log viewer with filtering capabilities among other things. It also includes example projects for ASP.NET.
As it currently stands, this question is not a good fit for our Q&A format. We expect answers to be supported by facts, references, or expertise, but this question will likely solicit debate, arguments, polling, or extended discussion. If you feel that this question can be improved and possibly reopened, visit the help center for guidance.
Closed 10 years ago.
I am currently looking at a distributed cache solution.
If money was not an issue, which would you recommend?
www.scaleoutsoftware.com
ncache
memcacheddotnet
MS Velocity
Out of your selection I've only ever attempted to use memcached, and even then it wasn't the C#/.NET libraries.
However memcached technology is fairly well proven, just look at the sites that use it:
...The system is used by several very large, well-known sites including YouTube, LiveJournal, Slashdot, Wikipedia, SourceForge, ShowClix, GameFAQs, Facebook, Digg, Twitter, Fotolog, BoardGameGeek, NYTimes.com, deviantART, Jamendo, Kayak, VxV, ThePirateBay and Netlog.
I don't really see a reason to look at the other solution's.
Good Luck,
Brian G.
One thing that people typically forget when evaluating solutions is dedicated support.
If you go with memcached then you'll get none, because you're using completely open source software that is not backed by any vendor. Yes, the core platform is well tested by virtue of age, but the C# client libraries are probably much less so. And yes, you'll probably get some help on forums and the like, but there is no guarantee responses will be fast, and no guarantee you'll get any responses at all.
I don't know what the support for NCache or the ScaleOut cache is like, but it's something that's worth finding out before choosing them. I've dealt with many companies for support over the last few years and the support is often outsourced to people who don't even work at the company (with no chance of getting to the people who do) and this means no chance of getting quality of timely support. On the other hand I've also dealt with companies who'll escalate serious issues to the right people, fix important issues very fast, and ship you a personal patch.
One of those companies is Microsoft, which is one of the reasons that we use their software as our platform. If you have a production issue, then you can rely on their support. So my inclination would be to go with Velocity largely on this basis.
Possible the most important thing though, whichever cache you choose, is to abstract it behind your own interface (e.g. ICache) which will allow you to evaluate a number of them without holding up the rest of the development process. This means that even if your initial decision turns out not to work for you, you can switch it without breaking much of the application.
(Note: I'm assuming here that all caches have sufficient features to support what you need from them, and that all caches have sufficient and broadly similar performance. This may not be a valid assumption, in which case you'll need to provide more detail in your question as to why it isn't).
You could also add Oracle Coherence to your list. It has both .NET and Java APIs.
From microsoft : App fabric
Commerical : NCache
Open source : RIAK
We tried a couple in the end we use the SQL session provider for asp.net/mvc yes there is the overhead of the connection to the DB but our DB server is very fast and the web farm has loads of capacity so not an issue.
Very interested in RIAK has .net client and used by Yahoo - can be scaled to many manu server