On 6/28/2012 6:05 AM, Tei wrote:
> If you use these projects that already do 99% of what the customer needs, plus 120% the customer does not need (and perhaps doesn't want). The code quality will normally be good, with **horrible** exceptions. But sooner or later (weeks), there will be exploits for this codebase, to hack the site in horrible ways. If the customer doesn't pay for maintenance and doesn't do the maintenance himself, the code will turn comically outdated. Hacking the site will be easy for children age 5 and higher. Maintenance sucks. This option sucks.
>
> All options suck.

That's why there are things like mod_security and other application-level firewalls. After exploits have CVE numbers, so do the fixes to the firewalls. And, due to the cost of custom software, and ease of use of push-button install WordPress, this isn't likely to change soon. It would be nice if WP/Joomla/etc. force auto-updated by default, at least for sec fixes.

Ken
Pacific.Net