Posts Tagged snowcms

Now we really are getting close!

As of last night, I have committed r991, which completes plugin management. That means now plugins can be installed, uninstalled, enabled, disabled and updated… Something I have been waiting to complete for quite some time ;-)

So now we are really close! I hope to have an alpha release soon… You can always discuss at the SnowCMS Dev Forum.


Sorry about the lack of new posts!

I apologize for the lack of posts lately. I have yet to post any more tutorials on how to use some of SnowCMS’s tools, like I did with the API class. But don’t worry: although I have not been that active posting here, I have been fairly busy working on SnowCMS.

I recently completed a new tool for SnowCMS, the Form class. The Form class allows you to create forms (if you didn’t notice) that can then be hooked into via the API and changed, without any extra effort on your part: you simply make the form how you want it, and then display it. Right before the form is displayed (or processed), the API runs a hook which allows modification of the form, including adding, changing and removing fields. In fact, the registration form currently uses this Form class, and the very first SnowCMS plugin hooks into the form and adds a CAPTCHA verification image. It’s very simple to do!

For the time being, I need to get some sleep (it is 12:15 AM at the time of this post), but I hope to soon create a more in-depth guide to the creation of forms using the Form class.

Cya soon!


Keeping your credentials secure

One big goal of SnowCMS is providing a secure system, but of course, who wouldn’t want that? In order to keep that system secure, user credentials also need to be kept secure, because if someone gets a hold of that information, especially of a member who has powers, your site would likely become compromised.

So how do we keep your password secure? For starters, the password kept in the members database is salted with your username and then hashed using SHA1. Salting your password helps prevent the use of rainbow tables (you know, those sites that have databases of plain text strings and their hashed counterparts). Then there is logging in. When you submit your credentials through the log in form, your password gets salted with your supplied username, hashed using SHA1, then salted with a randomly generated string supplied by the server. Your plain text password is deleted before the form is sent to the server. Now, this will only occur if you have JavaScript enabled, of course. Once the hashed password is sent to the server, the server pulls your row from the members table, salts the hashed password stored there with the last salt it generated, hashes the result, and compares it to the one received from you. If they match, that means your password is correct.

Securing your password before it is sent to the server might seem like a bit of overkill, but it can be very useful. You never know: someone could be logging POST data, which would contain your log in credentials. All they would get would be your hashed password, which is salted with a randomly generated string. The only way they could ever use that password to log in to your account would be if the server were to generate the same random string, which is highly unlikely.

Those are two ways that SnowCMS keeps your password from ever being seen by human eyes, but there is still one more. Cookies! No, not that kind, the Internet kind. With every page load, your browser sends the cookies to the server, where they can then be used to identify whether or not you are logged in. Instead of the cookie holding your password salted with just your username, a randomly generated hash stored in the database also salts your password in the cookie… Just in case ;-)

Not everyone has access to SSL, which would stop such possible attacks. That is why we at SnowCMS have decided to use such tactics to protect not only the system itself from security issues, but also the people who use our system.

Just a reminder: the SnowCMS Dev Forum is now open to the public. If you are interested in taking part in the development, or would just like to see what is happening, you should come and join us.
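The login exchange described above, with both sides in one file, as an added example that is not SnowCMS code. The concatenation order for the salts, the function names and the single-use challenge set are assumptions (the post gives none of them), and the constant-time comparison is an addition.

```javascript
const crypto = require('crypto');

const sha1 = (s) => crypto.createHash('sha1').update(s, 'utf8').digest('hex');

// Assumed salt order: username first, then password.
const storedHash = (username, password) => sha1(username + password);

// Server side: constructed members table and outstanding challenges.
const members = new Map([['alice', storedHash('alice', 'correct horse')]]);
const challenges = new Set();

// Server: random string sent along with the log in form.
function issueChallenge() {
  const nonce = crypto.randomBytes(16).toString('hex');
  challenges.add(nonce);
  return nonce;
}

// Client (the JavaScript step): only this value is submitted,
// never the plain text password.
function clientResponse(username, password, nonce) {
  return sha1(storedHash(username, password) + nonce);
}

// Server: recompute from the members row and compare.
function verifyLogin(username, nonce, response) {
  // A challenge is accepted once; a logged POST cannot be replayed.
  if (!challenges.delete(nonce)) return false;
  const row = members.get(username);
  if (row === undefined) return false;
  const expected = Buffer.from(sha1(row + nonce), 'hex');
  const got = Buffer.from(String(response), 'hex');
  return got.length === expected.length &&
    crypto.timingSafeEqual(got, expected);
}

const nonce = issueChallenge();
const resp = clientResponse('alice', 'correct horse', nonce);
console.log(verifyLogin('alice', nonce, resp)); // true
console.log(verifyLogin('alice', nonce, resp)); // false (challenge already used)
```
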

Till next time, cya!


Lots of pondering going on

Right now Myles and I are pondering quite a few things to put into SnowCMS.

Mod system
Of course SnowCMS will have a modification system, and the dev team and I were thinking about how to do it. Some systems have a sort of API system, where basically every so often, the system calls hooks that are integrated for developers to latch on to. But there is not much power. Sure, it would be simple for us to make, and then updating SnowCMS powered sites would be a snap, but we don’t want to take the easy way out :-P

Other systems allow you to modify all the files themselves. It can be a little more complicated, but it also poses a threat to users if they were to install malicious modifications. Probably pretty unlikely, but hey! It can happen…

Another way is super easy. Not having one at all. Of course, we wouldn’t do that. We have come to a unanimous decision to have file based editing for the modification system. Oh, and did I mention modifications are referred to as ‘flakes’?

Mod security
As I mentioned, allowing people to modify the sources of the system can be dangerous. So how are we as developers going to combat that?

Pretty simple, well, at least simple in concept. What will happen is people will be able to submit modifications to our site (eventually we will have a modifications database, of course!), and once the team has reviewed a modification (either developers, or maybe a modification team) and confirmed that it is done well and doesn’t do anything bad, the file will have its hash taken (SHA-1, most likely) and stored in a publicly accessible way (in a database from which the data can be retrieved). Now once the modification is uploaded to your site, and you’re about to install it, your system will hash the file and send the hash off to SnowCMS.com. We (well, the server…) will then take that hash and check to see if it exists and is approved in our database. If it is, you will see a message saying the modification is safe and has been approved by the SnowCMS team.

A pretty good idea, because if the modification you uploaded to your site was changed in any way, it won’t be in our database. Simple, but darn effective =P.
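The approval check described above, as an added example that is not SnowCMS code. The in-memory registry stands in for the database on SnowCMS.com, and the function names, status values and sample package bytes are assumptions.

```javascript
const crypto = require('crypto');

const sha1Hex = (buf) => crypto.createHash('sha1').update(buf).digest('hex');

// Central side: hash -> review status (stand-in for the public database).
const registry = new Map();

function submitFlake(bytes) {
  const hash = sha1Hex(bytes);
  if (!registry.has(hash)) registry.set(hash, 'pending');
  return hash;
}

function approveFlake(hash) {
  if (!registry.has(hash)) throw new Error('hash was never submitted');
  registry.set(hash, 'approved');
}

// Central side: answer a lookup; malformed input is never echoed back.
function lookupHash(hash) {
  if (!/^[0-9a-f]{40}$/.test(hash)) return 'invalid';
  return registry.get(hash) || 'unknown';
}

// Site side: hash the uploaded file exactly as received, then ask.
function checkBeforeInstall(bytes) {
  const hash = sha1Hex(bytes);
  const status = lookupHash(hash);
  return { hash, status, install: status === 'approved' };
}

// Constructed sample package and a copy altered after review.
const reviewed = Buffer.from('<?php /* sample flake */ ?>');
const altered = Buffer.concat([reviewed, Buffer.from('\n<?php /* extra */ ?>')]);

approveFlake(submitFlake(reviewed));
console.log(checkBeforeInstall(reviewed).status); // approved
console.log(checkBeforeInstall(altered).status);  // unknown
```
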

Updating
Since SnowCMS will feature a modification (flake) system, updating will be pretty straightforward. Once SnowCMS goes gold, whenever an update is out (like 1.0.1) we will have those updates put into a flake package. That way, even when you have modifications installed, you should be able to update pretty easily with little to no errors. But of course, in the beta and RC stage, you will not be able to update via this system due to the major amount of code changes that will occur. Sorry!

BBCode
Like I talked about in previous posts, I certainly hope by either public beta release or when 1.0 goes gold, we will have the new BBCode parser complete. Still working on it.

Well, a lot of information about SnowCMS v1.0. Until next time, see ya! XD.


Topic posting complete

Today I worked quite a bit, and I finally got topic posting completed and working without errors :D Still no replying or editing done yet, but I am working on it!

And about the BBCode, I still haven’t completely finished it, but it is almost there XD.
