This Week in devot:ee #35 - September 13, 2012

September 13, 2012
by Ryan Masuga

This week we improved our overall site security and saw seven new add-ons, bringing our total catalogue to over 1,700.

Recently Rolled Out

Better Security

This week we increased devot:ee's security by moving a lot of things above web root, including the system folder (see the ExpressionEngine docs on Moving the System Directory Above Webroot). This process, along with additional tips and tricks, is also covered in Securing ExpressionEngine 2 by Mark Huot, from Mijingo, which I re-read before going through this big shift. 

devot:ee is hosted at EngineHosting. It was a bit tricky reconfiguring the site so that the system folder (among other folders) is outside of the public folder, but also keeping our account directory simple so when we deploy to our dev site and our live site we're not deploying to the same directory. We ultimately solved this problem with a couple symlinks after an enlightening email discussion with two very smart and helpful fellows: Greg Aker (@gaker) and Nevin Lyne (@nevinlyne). Thanks to both of them for their help. We feel so much better about our site security now.

New Add-ons This Week

  • Ministash (for EE1) by Dibeja
    The Ministash Plugin aims to give EE1.x users the opportunity to use partials and layouts.
  • Export Members ($) by Drez Design
    Export member registration data and custom fields to an Excel spreadsheet.
  • Nerdyform by KeesTM
    Forms for hackers. Allows full EE template parsing in your email templates. Configured via template tags.
  • GWcode FileInfo by Leon Dijk (GWcode)
    Get information about files on your server.
  • Reword by Jean-Francois Paradis
    An equivalent to translate() or __() in WordPress which translates a given string using a dictionary. This implementation can also handle placeholders (e.g. Hello %s) and can translate date formats (e.g. Today is %d).
  • Shortlist ($) by Joel Bradbury
    Shortlist is a quick and painless way to allow site visitors to create lists of items on the fly. Shortlist lets you add anything to a list. Users don't even need to have accounts with your site to create, keep and share their list.
  • Redactee ($) by Jack McDade (Lobster War Machine)
    Redactor, the wonderfully simple and lightweight WYSIWYG editor, now lives as an EE Fieldtype, under the secret identity known as "Redactee". Use it as a Channel Field, Matrix Field, a Low Variable Field... even in Safecracker. Simple to use, feature-rich, and smooth as butter. Supports image browsing and image / file uploads, even to Amazon S3.


Todd Richards 09.13.12

Moving the system folder above root is something I’ve been planning on doing.  I’ve got Mark’s Securing EE 2, but haven’t gotten around to going through it - yet.  It would be awesome if you would care to elaborate on anything “extra” that you ran into!  :)

Ryan Masuga 09.18.12

There is almost no extra effort in moving the system folder above web root. It is very simple to do and we haven’t run into any issues.
