This is the second in a series of blog entries regarding why we, at Lucidus, decided to switch from Joomla to Drupal for our primary content management system. This one is about security...
Robust, Tightly Integrated Security
The Joomla security infrastructure was extremely limited in terms of configuration options.
In most cases, our clients will have a handful of authors/editors for their site that need to "own" a specific section of the site. For example, an insurance company may have one group that controls Personal Insurance content while another controls Business Insurance and a third
is specifically responsible for writing occassional press releases. For compliance purposes, editors have to be restricted to only editing their own pages.
This was simply not possible (easily) within Joomla.You get a handful of predefined security levels and there is no way to simply add arbitrary "groups." Moreover, even if you could live
within the groups given to you, there was no way (without applying a 3rd party "hack" module that would limit security patch applications) to limit a particular group or user from editing a specific section. It was an all or nothing thing where either they could edit content or
In Drupal, user groups can be arbitrarily created. There are a WIDE variety of security modules that can be applied by page, topic, book or even form field. This makes a huge difference in the types of sites (e.g. intranet, document management system, etc.) we can deliver.
Moreover, when building custom nodes (using CCK), the security is natively integrated. If we custom code our own module, it is simple to leverage the security groups and create arbitrary permissions for our own module that show up in the core administrator.
All in all, Joomla would score a 2 out of 5 in my mind. Drupal would be on the order of 5 out of 5
Powered by ScribeFire.