Menggunakan Zoho Creator untuk pelatihan software

How Zoho Creator found its way into a Business School Curriculum : A Success Story

Oct 04 2011 08:45:00 AM Posted By : Aparna

Comments (3)

Time and again, businesses from varied backgrounds deploy customized Zoho Creator applications for their varied needs. While it is easy to imagine a few run-of-the-mill applications which can come in handy, the truly creative and innovative use cases that our users come up with never cease to amaze us.

We take pride in showcasing such ingenious Zoho Creator applications built by some of our enthusiastic users. Today we are here with yet another usergroup that has taken the usability of Zoho Creator to an altogether different level.

The Insti:

IIT Kharagpur is one of the most prestigious educational institutions in India. Offering a plethora of courses in graduate, post graduate, management and doctoral studies, being an IIT-ian is every student’s dream. VGSOM is IIT Kharagpur’s B School. It is one of the top ranked B schools in the country. Like any other B School, the students of VGSOM are from varied cultural and educational backgrounds. But one thing that binds them all is the fact that they have worked their way into this premier institution through sheer hard work and are looking to learn as much as they can and step into the corporate world as managers with sharp skills and acumen.

The Coursework:

So far, we’ve come across different educational institutions using Zoho Creator for their data management needs. But IIT Kharagpur went one up and included Zoho Creator as a part of their curriculum. Developing an ERP Zoho Creator application is a part of the final year project for the students of VGSOM. A mandatory part of the curriculum, this seeks to introduce the students to the world of ERPs.

The “deciding” factors:
According to Prof. Prithwis Mukherjee, the man behind the inclusion of Zoho Creator in the curriculum, conventional application development platforms are getting outdated. Students need to get to the heart of the problem without having to first spend time learning the programming languages and then going on to develop custom applications. Zoho Creator being a cloud based solution, customized applications can be developed quickly and easily.

Here’s more from the professor himself, who chanced upon Zoho Creator through a Google Search, and his students who developed different apps on the Zoho Creator platform for their project.

If you thought that was interesting.. take a look at this thread where Professor Mukherjee makes the announcement to his students.

Now, that was one way we never imagined Zoho Creator to be used. If you think your story will surprise us, do share your experience with us. And we will tell the world about it right here!

Read More

Versi terbaru MariaDB

The MariaDB project would like to announce the availability of MariaDB
5.3.2-beta, the latest addition to our growing lineup of supported
software. MariaDB 5.3.2-beta is a bug-fix update to the previous
5.3.1 and 5.3.0 betas.

== About MariaDB 5.3

The MariaDB 5.3 series introduces many new features, includes MariaDB
5.2, and is based on MySQL 5.1. Some highlights of new features in
MariaDB 5.3 include:

- subquery optimizations that finally make subqueries usable
- many optimizer changes, including Classic Hash Join, Batched Key
Access, a new implementation of Multi-Range-Read optimizations as
well as Index Condition Pushdown
- NoSQL-style interfaces via the HandlerSocket plugin as well as
dynamic columns
- group commit in XtraDB when the binary log is enabled
- Microsoft Windows performance improvements

These are just some of the highlights, and for a more complete list of
changes, please read the What is MariaDB 5.3 page:
http://kb.askmonty.org/en/what-is-mariadb-53

== About MariaDB 5.3.2-beta

In the MariaDB 5.3.2-beta there are a couple of changes compared to
previous 5.3 releases:

=== User Feedback plugin

MariaDB 5.3.2-beta introduces the User Feedback plugin. This plugin is
disabled by default. If enabled, it submits anonymous basic MariaDB
usage information. This information will be used by the developers to
track trends in MariaDB usage to better guide development efforts.

If you would like to help make MariaDB better, please add
--plugin-load=feedback.so to your my.cnf file! On Windows, add
"feedback=ON" to your my.ini file, or click the checkbox during
installation of the MSI package.

See http://kb.askmonty.org/en/user-feedback-plugin for more information.

=== Subquery Cache now on by default

Starting in MariaDB 5.3.2-beta, the Subquery cache is on by default. In
previous versions of MariaDB the cache was off by default.

The goal of the subquery cache is to optimize the evaluation of
correlated subqueries by storing results together with correlation
parameters in a cache and avoiding re-execution of the subquery in
cases where the result is already in the cache.

See http://kb.askmonty.org/en/subquery-cache for more information.

== MariaDB 5.3.2-beta Release Notes, Changelog, Downloads

The release notes for MariaDB 5.3.2-beta are available from:
http://kb.askmonty.org/en/mariadb-532-release-notes

A complete changelog for this beta is available from:
http://kb.askmonty.org/en/mariadb-532-changelog

Sources, binaries and packages can be downloaded from:
http://downloads.askmonty.org/mariadb/5.3.2/

Debian and Ubuntu packages are available from our mirrored
apt repositories. A sources.list generator can be found at:
http://downloads.askmonty.org/mariadb/repositories/

The project always strives for quality, and being a beta release, we
know that not everything may be perfect. Please take some time to
report any issues you may encounter at: https://bugs.launchpad.net/maria

Enjoy MariaDB 5.3.2-beta & Happy Testing!

--
Daniel Bartholomew
MariaDB - http://mariadb.org
Monty Program - http://montyprogram.com
AskMonty Knowledgebase - http://kb.askmonty.org

_______________________________________________
announce mailing list
announce@mariadb.org
http://lists.askmonty.org/cgi-bin/mailman/listinfo/announce
To unsubscribe, send an email with "unsubscribe" as the Subject: to announce-request@mariadb.org

build-access-manage on www.dayaciptamandiri.com

Read More

Fixing Indonesian Education's Poor Scores

Bruce Gale - Straits Times Indonesia | October 07, 2011



Indonesia ranks 61st out of 65 countries when it comes to 15-year-olds' proficiency in mathematics. Their reading skills are a little better, with teenagers in only seven countries performing worse. (JG Photo/ Yudhi Sukma Wijaya)

Indonesia ranks 61st out of 65 countries when it comes to 15-year-olds' proficiency in mathematics. Their reading skills are a little better, with teenagers in only seven countries performing worse. This is the conclusion of a study carried out in 2009 by the Program for International Student Assessment (Pisa) and coordinated by the Organization for Economic Cooperation and Development.

Why are Indonesian youngsters so far behind? Some observers believe the problem arises from a lack of sufficient funding for education. Others blame it on a corrupt and poorly designed national examination system.

These are certainly contributing factors.

An equally serious problem may be the education system's continued emphasis on rote learning and the failure of the nation's bureaucrats to use available funds wisely.

One of the great achievements of the Suharto era was the establishment of universal education and the subsequent spread of literacy. But the system has since fallen into disrepute.

Educationalists also point to a greater divergence in the quality of education available as the children of middle- and upper-class citizens gravitate to better-funded private schools and religious organizations struggle to provide a good education to the less privileged.

After decades of neglect, however, education spending has increased enormously in recent years and is now equivalent to about 3.4 per cent of gross domestic product, around the same level as Singapore's. Even so, much remains to be done. In July, Anwar Alsaid, head of the United Nations Educational, Scientific and Cultural Organization's education unit in Jakarta, urged Indonesia to continue to focus on the sector.

The government seems to be taking notice. Later the same month, the local press reported that the National Education Ministry had allocated 762.2 billion rupiah (S$111 million) to fund scholarships for more than two million students from low-income families. The scholarships are to go to elementary school pupils in the first to fifth grades.

Since 2006, the government has also been working to address concerns about the need for quality education. So-called "international-standard schools" or RSBIs with more diverse curriculums and fewer students in each class have been created. These schools, of which there are currently about 1,300 across the country, are allowed to impose fees - a point which has prompted critics to complain that students from low-income families have been effectively excluded.

But the more fundamental complaint against RSBIs is that they have so far failed to deliver on their promise of academic excellence. And scholarships serve little purpose if the quality of education remains poor. Earlier this year, the Education Ministry stopped issuing additional RSBI permits pending an evaluation.

Educationalist Toenggoel Siagian sees a fundamental problem with the way Indonesian students in government schools are taught. "They don't teach students English. Rather, they teach them about English," he told me when I met him recently in Jakarta. Siagian's lament concerned the emphasis on English grammar at the expense of practical skills such as the ability to carry on simple conversations.

He has a point. Despite the fact that English is a compulsory subject at the senior high school level, few graduates of government schools can hold a simple conversation in the language. Mathematics, says Siagian, is generally taught better. But even here there is little attempt in schools to link the subject to the real world in a way that would help students solve practical problems.

Siagian heads the Jakarta Christian School Association (PSKD), which runs 22 primary, junior high and senior high schools in the Jakarta area. Many PSKD schools are well regarded for the quality of the education they provide despite the relatively modest fees charged.

Speaking to me in his office in Jakarta's Kwini district, Siagian also placed emphasis on the need to give students something to be proud of. As an example, he pointed to the girls' basketball team at PSKD's senior high school in Kwini. Membership of the team, which regularly wins national championships, is highly prized by the students. But no student can be admitted into the team with a high grade point average.

A committed staff also helps. PSKD's head of academic affairs holds a PhD from Cornell University in the United States. Yet she earns just 3.5 million rupiah a month and is not entitled to any additional allowances. Similarly committed educationalists can be found in some of the better Muslim schools run by organizations such as the Nahdlatul Ulama.

Such individuals, however, will probably always be in the minority. More realistically, Siagian speaks about the need to improve teacher training and raise salaries so that more of the country's better university graduates will consider teaching as a career.

Money is important. But it needs to be spent in the right places. There also needs to be a fundamental rethink about educational methods and goals if Indonesia's teenagers are to perform better in future Pisa assessments.

Reprinted courtesy of Straits Times Indonesia. To subscribe to Straits Times Indonesia and/or the Jakarta Globe call 021 2553 5055.
build-access-manage on www.dayaciptamandiri.com

Read More

10 Kalimat Inspiratif Sang Jenius

Santi Dwi Jayanti : detikInet

detikcom - Jakarta, Sosok legendaris di ranah teknologi, Steve Jobs, telah meninggal dunia di usianya yang ke-56. Akan tetapi, jejak kesuksesannya tidak akan pernah dilupakan.

Kesuksesan yang ia raih bersama Apple ini tidak luput dari cara Jobs memandang kehidupan serta bisnis yang ia jalani. Ia pun sering berbagi kalimat penuh inspirasi. Berikut beberapa di antaranya:

"Sangat sulit membuat desain sebuah produk. Kerap kali orang-orang tidak mengetahui apa yang mereka inginkan, sampai kita menunjukkannya pada mereka". (BussinessWeak, 1998).

"Ini adalah salah satu mantra saya - fokus dan kesederhanaan. Kamu harus berkerja lebih keras untuk menjernihkan pikiran dan menghasilkan kesederhanaan. Pada akhirnya hal ini akan setimpal. Saat kamu tiba di sana, kamu bisa memindahkan gunung". (BusinessWeek, 1998).

"Menjadi orang terkaya di pemakaman tidak berarti bagi saya...Pergi ke tempat tidur dan mengatakan bahwa kami telah melakukan sesuatu yang luar biasa...Itulah yang berarti bagi saya". (The Wall Street Journal, 1993).

"Saya akan selalu terhubung dengan Apple. Mungkin ada saat-saat atau tahun-tahun di mana saya tidak di sini, namun saya akan selalu kembali". (Playboy, 1985).

"Kami tidak pernah khawatir terhadap angka-angka. Apple selalu mencoba berfokus pada produk karena sebuah produk benar-benar akan membuat perbedaan". (Playboy, 1985).

"Kamu harus memiliki keyakinan terhadap sesuatu - keinginan, takdir, hidup, karma, apapun itu". (Stanford commencement speech, 2005).

"Pekerjaanmu akan menjadi bagian penting dari kehidupanmu. Satu-satunya cara untuk mencapai kepuasan adalah dengan percaya bahwa apa yang kamu kerjakan adalah pekerjaan yang hebat. Cintai apa yang kamu kerjakan. Jika kamu belum menemukannya, tetaplah cari. Jangan berhenti". (Stanford commencement speech, 2005).

"Tidak ada seorang pun yang ingin mati. Meski mereka yang ingin pergi ke surga, tidak ingin mati. Namun kematian adalah tujuan kita bersama, tidak ada yang bisa lolos darinya. Kematian adalah penemuan terbaik dalam kehidupan. Ia membersihkan yang lama dan membuat jalan untuk yang baru. Sekarang yang baru adalah kamu, namun suatu saat nanti kamu akan menjadi tua dan 'dibersihkan'. Maaf terlalu dramatik, namun ini benar". (Stanford commencement speech, 2005).

"Panutan saya untuk bisnis adalah The Beatles. Mereka saling mengimbangi satu sama lain. Beginilah cara saya memandang suatu bisnis, bisnis yang hebat bukan dilakukan oleh satu orang, melainkan oleh tim". (Interview with 60 Minutes, 2003).

"Jika kamu melakukan sesuatu yang bagus, maka selanjutnya kamu harus melakukan hal lain yang luar biasa. Jangan tinggal terlalu lama, pikirkan apa yang harus kamu buat selanjutnya". (NBC Nightly News, May 2006)
build-access-manage on www.dayaciptamandiri.com

Read More

AETNA , AETHRA & AVTHRA Interactive Kiosk - Okt 2011

AETNA , AETHRA & AVTHRA Interactive Kiosks
Ready Stock :
== Chassis Box / Kiosks ==
-1) AETNA-5.6 (incl. LCD + TS 15.6") = $ 1000,-
-2) AETNA-7 (incl. LCD + TS 17") = $ 1150,-
-3) AVTHRA-7w ( incl. LCD + TS 17"wide) = $ 1550,- ( Vertical View
)
-4) AETHRA-7 ( incl. LCD + TS 17") = $ 1500,- ( Slim Kiosks )
-5) AETNA-9 (incl. LCD + TS 19") = $ 1550,-
-6) AETNA-23 (incl. ALL IN ONE PC 23") = $ 1850,-
Bahan Black Galvanis cover, sdh termasuk Speaker, Power Cord, Exhaust fan
Applications & Function
- Queue Machine / Ticketing
- Point of Sales / Data Entry
- Banking & Financial Institution
- Building, Mall & Public Information
- Showroom / Gallery / Museum
- Restaurant Menu /
- Product Information & Promotion
- Children Education / Training
- Internet Station / Simulation
- Industrial & Machine Control
- e-HRD / Employee Self Service
much more . . . . . . .
Custom/Special Design WELCOME!!
Interactive Kiosks HOTLINE
0213907418
08121057533

build-access-manage on www.dayaciptamandiri.com

Read More

[Results] Higher Ed CMS Usage - 2010

At the end of February, .eduGuru set out to begin another round of research on a trend in higher ed web development. This time, we took a look at the CMSs being used from school to school. Which CMS to use for a university is a question that lingers in forums and on mailing lists frequently, and it’s our hope that you will find the following information helpful in deciding which system will be best for you. Additionally, we’ll be following up with a series of guest articles over the next couple months that will discuss their experience using the top CMSs from this list for their school’s web site. This post will be fairly long in order to review all the data. If you want, you can download the data now and review it on your own (this data has been edited to provide anonymity to the contributors. Additionally, this research is released under a by-sa Creative Commons 3.0 License. It is provided as a zip file with .xls, .pdf, .csv, and .ods formats for your convenience).
There were 144 responses over the first two weeks of March. There are 4146(ish) colleges and universities in the US, however there currently is no metric for how many of those are already using a CMS. Consider the results specific to the US, as even though there were a couple international entries, it was not statistically significant. See the chart below for a break down on campus size.

“This is one of the more political and important decisions a university makes. Every system has its benefits and drawbacks, but it is almost impossible to compare systems. This is especially true since you really don’t know the system until you’ve been using it for years, and at that point it is too late to switch or be able to evaluate other products.”
~ Survey comment

The golden question: Which CMS should I use? Well, as you can expect, that’s not a simple thing to answer. As you can see in the chart below, the top four (excluding in house solutions), is spread pretty evenly. OmniUpdate comes out at the top of the list, which isn’t surprising given the length of time they’ve been around, and the fact that they have produced a higher ed targeted, feature rich CMS. The other three – dotCMS, Cascade, and Drupal – run neck and neck, which is interesting, since these three systems are all quite different. But, that does emphasize the point that different schools will have different needs, and will choose a CMS to fit those needs. Always take the time to properly identify what needs and requirements you have before selecting a CMS.

PHP and Java rule the roost as programming language, with PHP just barely leading. Together, they make up more than half of what is being used in higher ed. This is good news for those looking to staff up on programmers, since these two languages are also generally in the top four most popular programming languages in general (along with C and C++), meaning applicant pools should be bigger for them. I realized I made a mistake and left Ruby on Rails off the survey, but it turns out that it has definitely not hit the radar, and was written in by only one school. Note: some survey entries were modified for uniformity and to correct incorrect platform language identification.

Schools were fairly evenly split in whether or not they had more than one CMS available on campus. Larger schools, with good reason, were more likely to offer multiple CMSs as opposed to small schools. WordPress was one of the most popular secondary CMSs, probably as it sees significant use as a blogging platform, rather than primary site CMS. In fact, the secondary CMS reports showed additional penetration by other open source CMSs as well, like Joomla and Drupal. These systems will generally prove easier to deploy in a supplementary capacity since they usually have shallower learning curves and quicker turnaround times.


By and large, schools host their own CMS. I believe this is perfectly reasonable, since we normally have access to heavy iron more than capable of hosting a web server, and we’re connected to pipes with equally available bandwidth. The largest exception was OmniUpdate, which was mainly hosted by the vendor. They made up 75% of the responses that said they were hosted by their vendor. Of OmniUpdate users specifically, only one-third host it themselves. It should be noted, however, that this is intentional on their part.

Over half the schools (53%, 58% when unknowns are excluded) host only 5,000 or fewer pages. There was significant dropoff after 100,000 pages. This data roughly mirrors the demographics of survey respondents – 65% were from schools of 10,000 students or less. Small schools are more likely to have fewer pages, 75% have 10,000 pages or fewer versus 51% of large schools.


High traffic sites might be concerned about the number of pages they can serve without taxing their hosting resources. Surprisingly, if you serve over one million pageviews in a month, you are in the minority of universities. Note that some systems, such as Cascade, do push publishing to a second server, or others might have something like a Squid proxy running, so the CMS itself isn’t necessarily responsible for serving pages to a visitor. These statistics do not take that difference into account. Also of note, nobody serving over one million pages a month reported using WordPress or Drupal (correction: three different respondents reported using Drupal in cases over 1,000,000 pageviews).

One quarter of respondents don’t make usage of their CMS mandatory. About half (47%) do, with another 28% having flexible rules. It would seem the trend definitely is towards trying to get people to use a central system. A slightly higher percentage, 35%, of larger schools don’t make CMS usage mandatory. Otherwise, statistics between large and small schools are relatively similar.

An interesting result, there appears to be relative consistency in the number of contributors schools have at each level, with a peak between 101 and 250 users. Only seven systems were being reportedly used with more than 500 users (each with only one vote): Contribute, Luminis, Plone, OpenText, Cascade, Ironpoint, and Drupal. The average satisfaction with a CMS appears to drop over 500 users as well, dropping by half a point among those users.

“Choosing and implementing a CMS can be done within a small organization like ours. However, getting the culture to change to accept distributed ownership of web content is much tougher!”
~ Survey comment

Regardless of the reason why, almost three quarters of users surveyed said they’d use the same system again, whether because they just liked it, or because it would be better than risking a switch to a worse system. The rest would either switch because they want a better system, or because options now are better then when they first deployed their current CMS. This metric didn’t take into account those who might be on the fence as to what they would do. Large schools were more likely than both small schools and the average to reuse the same system. Users of Contribute and custom/homegrown CMSs were most likely to want to change (71% and 62% respectively). That doesn’t include Serena Collage users, all of whom would change for obvious reasons (the product is no longer being supported).

“The real answer to the question about whether we would choose the same platform again from us would be: We’d do another analysis before concluding anything. Since we haven’t done that in ~4 years, for now we’d stick with what we have, but if we were really considering things again, we’d spend several months on a market analysis before concluding anything.”
~ Survey comment

Overall satisfaction was rated on a scale of 1 to 10. No conditions were set on how to rate the satisfaction, so this is very qualitative. The average score was 7.04. Contribute failed miserably out of all the CMSs (based on a minimum of five schools reporting usage). OmniUpdate took the crown, doing better than a 9 overall. Reason, a PHP based open source CMS developed out of Carleton College, came in second at 8.6, and dotCMS took third at 8.08. Schools using custom or homegrown solutions were more than a point under average, falling below a 6. Smaller schools were more likely to give higher marks to their CMS, though the total average score swing between large and small schools was only about a quarter point.

Top three paid CMSs*:

1. OmniUpdate
2. Hannon Hill Cascade
3. Ektron

* Based on reported satisfaction, minimum 5 ratings

Top three open source CMSs*:

1. Reason
2. dotCMS^
3. Drupal

* Based on reported satisfaction, minimum 5 ratings
^ dotCMS does offer a paid enterprise branch

Top three used CMSs*:

1. OmniUpdate
2. dotCMS
3. Cascade

* Based on number of surveyed schools using them, excluding custom and homegrown CMSs
If you download the raw data, you can read all the comments, pros, and cons people listed with each system. For the sake of brevity, I only included a couple here. This article will be followed up in the coming weeks by several guest posts discussing all the top used CMSs to give you a look inside other people’s experiences. In those posts, we’ll include some of the specific pros and cons that survey respondents submitted. Direct your thoughts and questions in the comments below, and we can continue discussing any of the metrics you’d like to.

[Results] Higher Ed CMS Usage by Michael Fienen is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.
Based on a work at doteduguru.com.

The content of this post is licensed:

---

About the author

Michael joined Pittsburg State University in Pittsburg, KS (NOT Pennsylvania, they spell it wrong anyway) in 2006 and is currently the Director of Web Marketing.  He is also CTO for the interactive map provider nuCloud. Web development's role in interpersonal communication is a principle focus of his efforts to improve and enhance higher ed web commodities.  He is an active supporter of the dotCMS community, accessibility advocate, freelance consultant, frequent speaker at web events, and general purpose geek who wears many hats.  Read his complete bio.

Read More

Choosing the Right CMS for Your Higher Education Institution

Jun. 03, 2010

Under: Higher Education

With education budgets getting tighter and tighter, and the number of responsibilities and possibilities available for university web departments growing, the typical work load for higher education web professionals has dramatically increased over the last few years, and it doesn't look like it's going to slow down anytime soon. On top of that, the newer applications like mobile web marketing and social media are continuing to become more popular and education websites are under more pressure than ever to compete.

Most universities know that to stay competitive on the web today, an institution needs a dynamic website with significant social media functionality to ensure that your website is up-to-date, that your content is fresh, and that you provide web-savvy students the information they need in a format they like and recognize.

More often than not, the answer to getting your website to the level it needs to be at is to introduce a web content management system (CMS). An effectively implemented CMS can help you create and edit your content quickly and easily, keep your website relevant and the distribute the content development workload so it is no longer in the hands of and over-worked IT or communications department.

Sounds like a good idea, right?

If you think a CMS might be right for your higher education institution, here are a few tips on how you can choose the right CMS to meet your needs:

1. Define organizational goals. Once all the stakeholders in your institution are ready for the change to a CMS, it’s important to define the key goals of each department, faculty and the institution as a whole and  to communicate those goals between the future CMS users. Once these goals have been established, you can start deciding what functionality can help you reach those targets, and how you will track them to measure your success.
2. Prepare a new content strategy based on distribution. Your new content management strategy will be based on a distributed model rather than a centralized one.  One of the most beneficial features of a CMS for education is that it puts content creation into the hands of multiple individuals rather than one web or communications department. However, this will affect your content development strategies and plans, and will require communication/training on proper content development so that you can ensure you have proper brand consistency in place and that you understand how you are going to define workflow and approvals across departments and how you will maintain scheduling ownership.
3. Do your research, and understand what you need. It is important when you are evaluating vendors that you are looking at solutions which have the core functionality that you actually need. Many CMS vendors offer products that are much more complex, or too simple for the goals that you want to accomplish. Before looking at possible solution, it is a good idea to do a comprehensive analysis of what your needs are as an organization based on the goals you defined earlier. Choosing a solution that has the correct functionality to meet your website’s targets can ensure that you end up with a product which effectively meets all of your organizations needs. 
4. Don't focus solely on the technology.  The most important feature of a CMS is that is allows non-technical users to edit and create content more easily. To focus solely on the technological aspects of a CMS rather than the user experience it provides, is counteractive to your goals and the benefits of implementing a CMS in the first place. Make sure that when you’re choosing your CMS you focus on the product's user interface, support system, help and the overall user experience, rather than the more technical aspects (although those are still important).

Bonus tip: another final point that I'll add that can be beneficial depending on the size of your institution, is to choose a vendor that offers a solution which is targeted specifically towards the higher education industry. These CMS products can have additional education-specific features that more general content management systems don't provide,  which can help make your site more appealing to your target audience and lower implementation costs.

Read More

10 most common security vulnerabilities in web applications

Problem A1: Unvalidated Input

How Plone handles this: All input in Plone is validated, and the framework makes sure you can never input data that is not of the required type. This is probably the number one reason why Plone sites — even when deployed and developed by people new to web security — are not compromised.

Problem A2: Broken Access Control

How Plone handles this: Plone is based on the well-proven (7 years in production), flexible and granular ACL/roles-based security model of Zope. In addition, Plone utilizes an innovative workflow-based approach to security, which means that end-users never see or modify the security settings — they only work with security presets that have been supplied to them by the developers of the application. This greatly reduces the possibility of misconfigured security settings.

Problem A3: Broken Authentication and Session Management

How Plone handles this: Plone authenticates users in its own database using a SHA-1 hash of their password. Using its modular authentication system Plone can also authenticate users against common authentication systems such as LDAP and SQL as well as any other system for which a plugin is available (Gmail, OpenID, etc.). After authentication, Plone creates a session using a SHA-1 hash of a secret stored on the server and the userid (HMAC-SHA-1). Secrets can be refreshed on a regular basis to add extra security where needed. Note: Older Plone versions (i.e. before Plone 3) use a less secure method where a session cookie containing both the loginname and password for a user are used. It is highly recommended to enforce use of HTTPS encryption for such sites.

Problem A4: Cross Site Scripting

How Plone handles this: Plone has strong filtering in place to make sure that no potentially malicious code can ever be entered into the system. All content that is inserted is stripped of malicious tags like <script>, <embed> and <object>, as well as removing all <form> related tags, stopping users from impersonating any kind of HTTP POST requests. All destructive operations (like deletion of content) and privilege elevation (roles, permissions) are checked to be valid HTTP POST requests in addition to the usual security checking. On an infrastructure level, the TAL template language used to create pages in Plone quotes all HTML by default, effectively preventing cross site scripting.

Problem A5: Buffer Overflow

How Plone handles this: Buffer overflow vulnerabilities are not known to exist in the current versions of Python, and is usually more common in systems based on languages that do not have strict checking for this, like C.

Problem A6: Injection Flaws

How Plone handles this: Injection flaws are most common in systems that use SQL databases for content storage. Plone does not use a SQL database by default.  When setting up SQL databases with Plone, they always communicate through a standard SQL connector that neutralizes injection attempts automatically.

Problem A7: Improper Error Handling

How Plone handles this: Plone provides almost no error information to site visitors (no stack traces, etc.).  When there is an error, Plone logs the error internally. All the front-end user will see is the log entry number of the error, allowing the error to be located in the logs if it is reported to the site admin.

Problem A8: Insecure Storage

How Plone handles this: All the cryptographic methods in the Plone stack have been exposed to public scrutiny for years and have no known vulnerabilities.

Problem A9: Application Denial of Service

How Plone handles this: The most common setup for a Plone site is to to deploy it behind a caching proxy like Squid, Varnish, Apache or IIS. When configured in this way, it's very hard to bring down a Plone site with DoS attacks. (Note: In versions earlier than Plone 2.1.4 and 2.5.1, there was a potential Denial of Service attack identified in the error page of Plone, which was unnecessarily heavy. This was fixed as part of a bigger security audit performed in the same timeframe, and the current releases of Plone do not suffer from this problem.

A10 Insecure Configuration Management

How Plone handles this: Plone has very strict security defaults out-of-the-box, and also runs as an unprivileged user on the server. Plone website users do not have access to the file system. Because of these factors, the most common security configuration vulnerabilities in this area are avoided.

Security track record

Measuring or quantifying security risks in software is hard — security is a process, not a product, and thus requires constant vigilance and good coding practices combined with security reviews. One interesting measure is the number of vulnerabilities reported by the MITRE’s Common Vulnerabilities and Exposures database, which is the main source for tracking and naming security issues.
Here are some counts of the numbers of known vulnerabilities and exposures in some common CMS platforms and their technology stacks - also note that the Python/Zope/Plone stack has existed for several years longer than the others mentioned.
The following data was extracted from the National Vulnerability Database, in March 30, 2011. The figures presented represent the total number of occurrences of the term searched, with the numbers in parenthesis representing the number of occurrences in the past 3 years.

• Plone/Zope/Python stack:
• CVE Entries containing Plone: 13 (9)
• CVE Entries containing Zope: 27 (9)
• CVE Entries containing Python: 111 (65)
• PHP-based stacks:
• CVE Entries containing Drupal: 371 (269)
• CVE Entries containing Joomla: 653 (441)
• CVE Entries containing MySQL: 282 (84)
• CVE Entries containing Postgre: 82 (22)
• CVE Entries containing PHP: 18,859 (5,813)
• Other stacks:
• CVE Entries containing Perl: 3,835 (1,780)

These numbers do not prove anything by themselves, of course, but do suggest a general trend and are a good approximation of our security track record compared to other systems.
One should also note that when installing a CMS stack, one should consider the security records of all stack components (including add-on products and modules). That means if a CMS requires an external database server, the security of that server should be considered in addition to the security of the CMS system itself.

Read More