Forum for discussing general topics related to Couch.
6 posts Page 1 of 1
Hi,
I have only ever worked with Joomla! so that's my frame of reference. I haven't used Couch yet because I want to make sure it's secure first. It looks ideal for most of my clients as far as I can see. I was interested in Concrete5 but most of the hosts over here don't support it because of the cURL issues.

I was wondering how CouchCMS compared to Joomla in terms of security.

Also
Hi and welcome Reaper1242 :)

Security, IMHO, is an absolute factor and cannot really be stated in terms of comparing X with Y.

We have taken all possible measures to ensure that our CMS is as secure as possible.
Our particular emphasis has been on preventing XSS, CSRF and SQL injection vulnerabilities.

We've had no reported security issues for the past two and a half years that Couch has been around but, to be fair, the fact that its source was encoded and hence not open to public scrutiny certainly had a lot to do with it.

Realistically speaking, with the source now open, as happens with all CMSes without exception, there are bound to be discoveries of bugs that have eluded us. But again, with greater number of eyes on the code, this will also lead to them being rectified just as fast.

Hope this answers your query.
KK wrote: Hi and welcome Reaper1242 :)

Security, IMHO, is an absolute factor and cannot really be stated in terms of comparing X with Y.

We have taken all possible measures to ensure that our CMS is as secure as possible.
Our particular emphasis has been on preventing XSS, CSRF and SQL injection vulnerabilities.

We've had no reported security issues for the past two and a half years that Couch has been around but, to be fair, the fact that its source was encoded and hence not open to public scrutiny certainly had a lot to do with it.

Realistically speaking, with the source now open, as happens with all CMSes without exception, there are bound to be discoveries of bugs that have eluded us. But again, with greater number of eyes on the code, this will also lead to them being rectified just as fast.

Hope this answers your query.


Thanks very much for the prompt response. I have to say that considering what I'm reading about development of Couch I doubt any security exploits will stay unplugged for terribly long.

There was one other question. How are updates to existing deployments of Couch handled?
Upgrade basically consists of simply overwriting the existing installation folder with the new one.
The installation zip contains a file named UPGRADE.txt that explains the process in more detail.

Hope this helps.
KK wrote: Upgrade basically consists of simply overwriting the existing installation folder with the new one.
The installation zip contains a file named UPGRADE.txt that explains the process in more detail.

Hope this helps.


So a little more user involvement than Joomla! but not a massive issue.

Again, thanks for the excellent support. I'll definitely be diving into Couch in the next few days.
Thanks.
Please feel free to contact us anytime you require help with Couch.
6 posts Page 1 of 1