Communications of the ACM

Home/Magazine Archive/December 2009 (Vol. 52, No. 12)/Security in Dynamic Web Content Management Systems.../Abstract

Virtual extension

Security in Dynamic Web Content Management Systems Applications

By Ganesh Vaidyanathan, Steven Mautone
Communications of the ACM, December 2009, Vol. 52 No. 12, Pages 121-125
10.1145/1610252.1610284
Comments

View as: Print Mobile App ACM Digital Library Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook

The processes behind corporate efforts to create, manage, publish, and archive Web information has also evolved using Web Content Management Systems (WCMS). WCMS allow teams to maintain Web content in a dynamic fashion through a user friendly interface and a modular application approach. This dynamic "on-the-fly" content creation provides Web site authors several advantages including access to information stored in databases, ability to personalize Web pages according to individual user preferences, and the opportunity to deliver a much more interactive user experience than static Web pages alone.

¹¹

However, there are distinct disadvantages as well. Dynamically generating Web content can significantly impact Web server performance, reduce the scalability of the Web site and create security vulnerabilities or denial of service.

¹¹

Organizations are adopting information technology without understanding such security concerns.

Moreover, as Mostefaoui

⁷

points out, even though many attempts have been made to understand the security architecture, a generic security framework is needed. Recent research amplifies the concerns and benefits of security in open source systems.

However, there is a need for organizations to understand how to evaluate these open source systems and this paper highlights how an evaluation technique in terms of security may be used in an organization to assess a short list of possible WMCS systems. This article focuses on security issues in WCMS and the objective is to understand the security issues as well as to provide a generic security framework.

The contributions of this paper are to:

1. Integrate the goals of security with eight dimensions of WCMS,

2. Specify how to secure the eight dimensions of WCMS,

3. Formulate a framework of security using this integrated view of security goals and security dimensions, and

4. Address the security of the Web architecture at WCMS software application level using the framework and evaluate security features in popular WCMS used in the industry.

The full text of this article is premium content

No entries found

Log in to Read the Full Article

Sign In

Sign in using your ACM Web Account username and password to access premium content if you are an ACM member, Communications subscriber or Digital Library subscriber.

Need Access?

Please select one of the options below for access to premium content and features.

Create a Web Account

If you are already an ACM member, Communications subscriber, or Digital Library subscriber, please set up a web account to access premium content on this site.

Join the ACM

Become a member to take full advantage of ACM's outstanding computing information resources, networking opportunities, and other benefits.

Subscribe to Communications of the ACM Magazine

Get full access to 50+ years of CACM content and receive the print version of the magazine monthly.

Purchase the Article

Non-members can purchase this article or a copy of the magazine in which it appears.