Joomla 1.6 already demonstrates the ability to add your own user groups and access levels.  Recently the groundwork for the new permissions system was completed and is ready to showcase.

Joomla has three levels of caching that can be used to speed up your Joomla 1.5 Web site (up to 8 times faster under ideal conditions).  The new feature article Joomla Caching Explained outlines in detail how Page, View and Module caching can be used in Jooomla Web site to improve responsiveness.

Joomla provides you with many options by which to display an article.  However, did you know one of the most underutilised options is the fact that your article can hide its own "Intro Text"?  The teaser you see in a blog layout, or a newsflash module, can be different when you actually display the full article - just look at this one.

The video and notes to Andrew Eddie's presentation to the Joomla User Group Brisbane (7 July 2009) on current state of Joomla 1.6 are now available.

A common request from Joomla web masters is the ability to remove the generator meta tag from the source output of the site.  This is usually for security reasons to make it less obvious that the site is running Joomla.  The generator value is really easy to modify and remove with one line of PHP code.

Session storage is a very important aspect of web applications. In its simplest form, a PHP session allows data to be stored temporarily on the server and accessed throughout a user's time on the site. When that user leaves the site or is inactive for a certain amount of time, the data is destroyed. While anonymous sessions are common, sessions are usually associated with user logins. When a correct username/password combination is entered, a session is created around that user's access information and then read and checked every time that user loads a page. As a developer, you can access this session functionality to enhance your extensions.

Debugging PHP applications has always been a bit of a challenge, as the environment is so distributed. At the minimum, there is a web server, the PHP interpreter, and the web browser. While there are tools that add debugging environments to PHP (such as XDebug), you don’t always have access to install them on the server you’re working with.

Fortunately, you can gain some reasonable debugging capabilities through FirePHP. When you want to dump objects or variables back to your browser without having to do so in your HTML, FirePHP is ready for the task. It can also be used to handle code traces and PHP errors.

FirePHP is both a Firebug extension and a PHP library. When the PHP library is in place, special HTTP headers containing JSON objects are created. Firebug reads the HTTP headers, decodes the JSON, then shows the variables in the console. Since the output body is unaffected, it is extremely useful for debugging XML, JSON, PDFs, images, or other non-HTML output generated in PHP.

Today's security topic is inspired by a recent exercise I went through - testing a server for PCI compliance. For those who are not aware PCI is a security standard for accepting credit cards.

According the website for PCI they state their mission as follows:

"The PCI Security Standards Council’s mission is to enhance payment account data security by driving education and awareness of the PCI Security Standards. The organization was founded by American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa, Inc."

I started HowToJoomla on September 8, 2006 with a post about Must-have Joomla! components. In that time, the site has seen 120 new articles, 3 different designs, and 5 guest writers. We've seen the site grow from a one-man blog/tutorial site to a 50,000 unique visitors-per-month, 5-writer team of Joomla! experts sharing insights, tips, and tricks on our favorite web content management system, Joomla!.

As we look toward the future of HowToJoomla, we realized that the current design just wasn't going to be sufficient to fulfill our vision of providing useful, accessible information to the Joomla community. To that end, I am pleased to announce the upcoming launch of HowToJoomla 4.0! Here is a sneak peek of the new site.

Something I have run into frequently during module development is the need to allow multiple instances of that module on a single page. Joomla!, of course, handles 99% of the work involved, but there are a few tricky aspects to making this work. One is the need to eliminate styling conflicts, especially in themed modules. If you only use generic classes and then load multiple theme/color stylesheets, the end result can be unpredictable to say the least.

Long-time users of Joomla are quite familiar with content plugins. When you want to take some user-entered text and reformat it into something else, there’s nothing quite as handy as having a content plugin ready to do your bidding.

However, Joomla 1.5 brought some subtle behavior changes. In Joomla 1.0, content plugins act on both articles entered through the Article Manager, as well as HTML entered in user created modules. When a Joomla 1.0 content plugin is recoded for 1.5, the original effect still takes place on content items, but module output is left unchanged.

What happened? Content plugins in Joomla 1.5 are designed to only act on articles managed through the Article Manager. This will seem inconvenient to people used to the old behavior, but there is a good reason for this change. While many content plugins reformat user-entered HTML, others add markup near the article title or just after an article is output. Also, some content plugins are designed to do additional tasks when articles are saved. These actions do not make sense within the context of a module, so content plugins no longer run on them.

While this good in that it enforces consistency, it also poses a problem. Now that content plugins only work on articles, how do you reformat markup coming from modules? Fortunately, there are a couple of workarounds in Joomla 1.5 achieving similar (if not better) results.

"Congressional Web Site Defacements Follow the State of the Union"
- Praetorian Prefect

An interesting problem that we as the US have is our denial of Cyberwar. While this post isn't exactly about that, it's close. Last Wednesday night during or after the President's State of the Union Address, several congressional websites were hacked by Red Eye Crew. Why is this of interest? According to Praetorian Prefect, they were all running Joomla!

Because of it ubiquitous nature, automatic emailing is something that many clients expect. People want to be notified immediately of changes on their sites -- when a new article has been submitted, or a blog comment has been posted. Joomla! already provides some of this functionality out of the box by notifying administrators when a user has registered on their site. You, however, may find yourself needing to implement emailing in your own components. As you may have already guessed, Joomla! provides a very helpful class for this: JMail.

If you've worked with any kind of database-driven web application, you know that HTML forms are the foundation of the user's interaction with the database. Applications use forms to take input from the user and store it or use it to manipulate existing data. Unfortunately, HTML forms can potentially be quite tedious to write. In this article, we will look at a handful of helpful functions that Joomla! provides to save you time preparing your forms.

Happy New Year - How's your patches?

It's about the middle of January of 2010 and in the news, Google was hacked by unknown's from China and Google is considering a few options, including a complete pull out of China. A large search engine in China (not Google) was defaced by the Iranian cyber thugs, Adobe was appartently targeted in the same attack as Google. And in other news the new BREECH report came out from the ITRC showing that overall while breeches were lower than the year before, the number of exposed records was higher. And as I write this article, this just came across my desk:

"Hackers have stolen the login credentials for more than 8,300 customers of New York's Suffolk County National Bank after breaching its security and accessing a server that hosted its online banking system. "
source: http://www.theregister.co.uk/2010/01/12/bank_server_breached/

What does this have to do with your Joomla site? Everything. Today I am discussing patching and patch management with you. For the purpose of this article I am going to refer to my personal favorite work on patching from ProjectQuant - Measuring and Optimizing Patch Management: an Open Model. A must read in my opinion.