Are there security risks involved in moving from a CMS that uses SQL to one that uses XML?
I've used a lot of content management systems in my day (Drupal, WordPress, Joomla, etc.) and they have all been database-driven using MySQL. While the security updates for many CMS offerings out there seem frequent and strong, I still see the occasional site go down, get defaced, etc. (usually from SQL injection attacks).
This has led me to look at Get-Simple CMS, which has the unique difference of housing data in XML files. I realize folks won't be able to speak about specific vulnerabilities related to this CMS, but in general what are the pros and cons with regard to security and an XML-driven CMS?
More posts by @Chiappetta492
It's really the same as any form of data store. Do you protect it from malicious data and attack? One thing that comes to mind is how are the XML files stored?
Outside of the web root - best
Inside the web root but protected through .htaccess - not as good but ok
Inside the web root and hidden through obscurity - not good at all
The data's integrity and malicious user input issues still apply. They may not be able to do SQL injections but they can still do XSS attacks as that is independent of the storage mechanism.
I'd have to say there is no advantage or disadvantage to using XML for storage from a security point of view. (From a non-security point of view I would think XML is slower to work with than a relational database, especially for large data stores.)
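The point above that XSS is independent of the storage mechanism, shown as an added example that is not part of the original answer and is not code from any particular CMS: the XML serializer escapes markup on write, the parser decodes it again on read, so output encoding is still needed at render time. The function names and the sample comment are hypothetical and constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample input: a comment body submitted through a web form.
SAMPLE_COMMENT = "<script>alert(1)</script>"


def store_comment(text):
    """Serialize a comment to an XML document, as a flat-file CMS might."""
    root = ET.Element("comment")
    body = ET.SubElement(root, "body")
    body.text = text  # ElementTree escapes <, > and & when serializing
    return ET.tostring(root, encoding="unicode")


def load_comment(xml_doc):
    """Parse the stored XML; the parser decodes the entities again."""
    return ET.fromstring(xml_doc).findtext("body")


def render_unsafe(text):
    """Template that trusts stored data: stored XSS reaches the page."""
    return "<p>" + text + "</p>"


def render_safe(text):
    """Template that HTML-encodes stored data at output time."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


if __name__ == "__main__":
    doc = store_comment(SAMPLE_COMMENT)
    loaded = load_comment(doc)
    print("stored on disk :", doc)
    print("after parsing  :", loaded)
    print("unsafe render  :", render_unsafe(loaded))
    print("safe render    :", render_safe(loaded))
```

The escaped form on disk can look like protection, but it only keeps the XML file well-formed; the value handed back to the template is the original markup.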