Joomla! Web Security

Using the Ravenswood Joomla! Server

The other tool that you can use to set up a test environment is the stand-alone server environment for Joomla! packaged in GNU form by www.ravenswoodit.co.uk. This tool, which is extremely popular, is a self-contained MySQL, Apache, and Joomla! environment that runs on your Windows desktop.

As you see in the graphic, the Joomla! site is running on my "localhost", which, in this case, is my XP desktop.

Setting this up is quick and easy. You launch it by clicking START.BAT, which starts Apache, MySQL, and Joomla!. In about a minute, the browser opens and you have a completely self-contained Joomla! site to test and develop on.

You, as the developer, have full access to any part of it, allowing you to "clone" out the site when you are done. This tool is HIGHLY recommended for your test environment.

One note of caution: if you are running this on your Windows desktop, STOP the IIS service if it is running. The instance will generate an error if IIS is running.

Roll-out

You've tested your patches, changes, upgrades, or whatever you have. You have also crafted your documentation and re-tested your disaster recovery plan. You have obtained the client sign-off where necessary, and the project or fix is ready to go live.

Now what? Now you will deploy it.

The steps necessary to deploy fixes, changes, or new installations to create a highly secure environment are as follows:

  1. Define what a successful upgrade is.
  2. Make sure you and your team are all in agreement on tasks.
  3. Assign tasks to team members. An example is assignment of BACKUPS.
  4. Set a scheduled time for the upgrade; the best time is during periods of low traffic.
  5. Craft a rollback plan in case something does not work as planned.
  6. Write out the installation steps, with the documentation you created using the Lighthouse SDM tool.

    Example:

    a. Copy new extension over to the site.
    b. Install new extension from Document xyz123.
    c. Take the site down.
    d. Install extension, test.
    e. If everything is fine, turn on the site.
    f. If everything is not fine, refer to the rollback plan.
    g. Close the project.
  7. Make a complete backup of all files, folders, and the database itself from the current site.
  8. Conduct tasks (see step 6).
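
As an added example (not from the book), the backup in step 7 and the rollback plan in step 5 can be scripted so that the backup is verified before the upgrade and the rollback refuses to restore a damaged archive. It assumes a Unix-like live host with tar, sha256sum, and mysqldump; the function names and paths are hypothetical.

```shell
# Added example: backup (step 7) and rollback (step 5) helpers.
# Function names and paths are hypothetical; adapt them to your site.

# backup_site SITE_DIR BACKUP_DIR: archive the site tree, print archive path.
backup_site() {
    site_dir=$1; backup_dir=$2
    [ -d "$site_dir" ] || { echo "no such site dir: $site_dir" >&2; return 1; }
    mkdir -p "$backup_dir" || return 1
    name="site-$(date +%Y%m%d-%H%M%S).tar.gz"
    # -C stores relative paths, so the archive restores into any directory.
    tar -czf "$backup_dir/$name" -C "$site_dir" . || return 1
    # Record a checksum so a damaged archive is caught before it is needed.
    ( cd "$backup_dir" && sha256sum "$name" > "$name.sha256" ) || return 1
    echo "$backup_dir/$name"
}

# backup_db DB_NAME BACKUP_DIR: dump the Joomla! database. Assumes mysqldump
# is installed and reads its credentials from an option file (~/.my.cnf).
backup_db() {
    out="$2/db-$(date +%Y%m%d-%H%M%S).sql"
    # Write to a .part file first so a failed dump never looks complete.
    mysqldump --single-transaction "$1" > "$out.part" && mv "$out.part" "$out"
}

# verify_backup ARCHIVE: succeed only if the checksum matches and tar reads it.
verify_backup() {
    dir=$(dirname "$1"); file=$(basename "$1")
    ( cd "$dir" && sha256sum -c "$file.sha256" >/dev/null 2>&1 ) || return 1
    tar -tzf "$1" >/dev/null 2>&1
}

# rollback_site ARCHIVE SITE_DIR: restore the pre-upgrade tree.
rollback_site() {
    archive=$1; site_dir=$2
    verify_backup "$archive" || { echo "backup failed verification" >&2; return 1; }
    # Keep the failed tree for later analysis instead of deleting it.
    mv "$site_dir" "$site_dir.failed-$(date +%Y%m%d-%H%M%S)" || return 1
    mkdir -p "$site_dir" && tar -xzf "$archive" -C "$site_dir"
}
```

Run backup_site, backup_db, and verify_backup before taking the site down, and keep the backup directory outside the web root so the archives cannot be downloaded.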

Our steps for testing security are strict, but workable. They are rigid, yet must remain flexible, because as we resolve vulnerabilities, we will encounter more.