Page 1 of 1

Building an XML based website

Posted: Thu Oct 07, 2004 2:04 pm
by kendall
Hello,

I have been asked to build a website for my government and they want to be able to manage the information content on it. Now i am new to xml but would like to experiement with it and build an xml driven site. I am asuming that they do not have any html knowlege so i am thinking about createing and online a content editor that will create xml web pages.

Now i have 2 questions

1. What kind of a security risk can this cause as in instances like this create pages requires me to have umask(0777) which means anyone can access it. What other measures can i use within this method of approach to provide more of a security. Note that the information is not of such a sensitive nature but i dont want no mishaps none the less(would be embarrasing rather than a national security breach).

2. Now i could have gone the normal route and did a database content driven site but i would like to present the xml as a smaller economical option for the purpose of being able to create web page content and probably use the database for a more large scale purpose like if the wanted a forum or some backend storage info facilitiy or collecting data etc.. However i am going to present to options.

For the type of task and the simplicity at the moment for the website im thinking to go XML i have heard that you can use xml and mysql together however i havent found sufficient information on using it any point in the right direction wud be appreciated.

I have ever done a database "content" driven site before so any other advice on would also be good...im researching it as well
'
Kendall

Posted: Fri Oct 08, 2004 11:42 am
by Christopher
1. The only problem with 777 type permissions is if someone other than you gains access to the system (ssh,FTP,etc.). Then they can overwrite the file. If you set write permissions to a specific user or group then someone gaining access to the system would need to also need access to specific accounts as opposed to anonymous FTP or the webserver user (nobody).

2. In PHP, XML is probably better as a source format that is converted into a database or PHP code. XML is slower to initialize and search than the other options. I don't think many people would consider XML simpler that other methods.