P. 1


|Views: 25|Likes:
Published by Robin Cesc

More info:

Published by: Robin Cesc on Jul 18, 2011
Copyright:Attribution Non-commercial


Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less





Once you have thoroughly configured and tested your Joomla system, you will want to make it avail-
able to the world of the Internet. The needs of a deployment server are very different to those of the stag-
ing server. With a deployment server, you are concerned primarily with security and performance. Many
settings that are perfect for debugging can provide potentially compromising information about your
Joomla system to hackers.

Additionally, most of these configurations that help you to find problems in your system will also slow
down its ability to quickly serve Web pages. By streamlining the configuration, you can obtain substan-
tial performance increases.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 42

Default Accounts and Passwords

You should systematically check and change all of the default accounts and passwords on the system.
When a hacker tries to breach a system, those accounts and passwords are known points of entry and
as such, will often be the first place to try.

Default accounts and passwords include the following:

MySQL—The rootuser is generally the superadministrator of the server. Many default instal-
lations leave the password to the account blank. Be sure to change the default password. You
might also consider creating a different superadministrator account and limiting the capabilities
of the root.

Joomla—The default superadministrator account for Joomla is named admin. Consider chang-
ing the user name to jadminor something of the sort so that a hacker’s first guess will not render
half of the username/password pair.

MySQL includes fairly robust security, but even the access path for MySQL access by Joomla is stored in
plain-text files on the Joomla server. Therefore, you should change as many possible variables from the
defaults to minimize the possibility of educated guesses that may lead to the penetration of your system.

Error messages can provide clues to the internal structure of your Web site, including folders, databases,
tables, and so on. While messages are critical for debugging on a staging server, on a deployment server,
they give a potential window into your system. Therefore, make certain that any display of errors is min-
imized for your final deployment installation.


Joomla installation and configuration can often seem straightforward until you run into a problem. This
chapter has provided an overview of the ways to install and configure Joomla by doing the following:

Understanding the configuration settings of the Apache server through the httpd.conffile
and the various directives that can help you streamline your Joomla installation.

Improving the performance of the server by modifying the debugging and logging settings. By
increasing the amount of logged information, you can more accurately determine the source of
problems and potential problems.

Refining the PHP installation by changing settings in the PHP.inifile. Changing the PHP set-
tings can prevent timeouts and help maximize security.

Realize that any example password settings used in this book should be changed
as well. This is a published work and, as such, publicly available. The accounts and
passwords in this book may at some point be added to the standard hacker password
dictionaries for automated testing. At a minimum, be sure that any passwords you
use from this book are changed before your site is deployed.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 43

Examining a comprehensive MySQL installation that can help you use the data stored in your
database for everything from reporting to a custom password reset.

Adopting a staging server so that comprehensive testing and debugging of a Joomla site is
possible without exposing the system to the slings and arrows of the outside world.

Upgrading the staging server installation to a full deployment configuration.

Fine-tuning the configuration of a Joomla site includes much more than streamlining the server perform-
ance. The visual aspects of a site presentation can be a key factor in representing a Joomla site as a profes-
sional and substantial information portal. Chapter 3 will help you create an attractive custom template
that you can use as a foundation for creating your own templates in the future.


Chapter 2: The Finer Points of Installation and Configuration

33941c02.qxd:WroxPro 8/25/07 1:30 PM Page 44

Developing Custom

Joomla’s ability to use templates is one of the key reasons for its widespread adoption. A site that
appears mediocre can be transformed into a fantastic Web presence with the five-minute installation
of a professional template. In fact, a flourishing segment of the Joomla market is the commercial tem-
plate market. There are literally dozens of companies offering templates for sale. Many of the sites
use a monthly subscription model, where a subscriber may download any template available there.
This model ensures that new templates are always needed to keep the subscribers interested.

In this chapter, you’ll learn to create a template from scratch and use stylesheets to provide com-
prehensive layout features. Most free templates include only a single page that’s used throughout
the site. For a more professional presentation, you’ll learn how to create a template family where
multiple stylesheets are used together to provide a cohesive image or brand for a Web site.

Before you begin creating templates, it may be useful to review the structure of one. Since the gen-
eral structure varies little from template to template, a thorough understanding of template organ-
ization can make designing your own templates, or editing existing ones, substantially easier.

You're Reading a Free Preview

/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->