This section is still under developement. More information will be available soon.
Our scripts are considered secure, but much of this relies on the website's administrator and its developer. We can push our scripts to the limit, but it all will be for nothing, if someone stores their FTP data in a program such as FileZilla. Read some of recommendations related to script's security improvement:
- After publishing your website you must change name of the "admin.php" file to something else. Make sure to read description of the $config['admin_file'] » variable, stored in the database/config.php file.
- Protect your database - change its name. Learn more about that from the $config['database'] » variable description, it's stored in the database/config.php file.
- It's worth finding an uncommon login and password to the admin panel, that consists of letters and digits and are of considerable length. Often the default login ‘admin’ is adapted by a user - this makes a hack in so much easier.
- Do not save FTP server login data (login, password) in programs such as Total Commander or FileZilla. There are programs of the trojan horses type, which allow the assailants to intercept these data, then they can freely enter your account.
- Check bug fixes in the administration panel. When new security bug fixes are released be sure to implement them in your script. If don't know how to do that, ask your webmaster.
- Be very careful if you want to install scripts or plugins you don’t know. Hackers commonly use such popular scripts vulnerabilities. So we advise you not to install for example any file managers for WYSIWYG editors, because they are often not secure enough and vulnerable to hacks.
We present cookies management information, sending and storing data of people visiting you website.
- Client side privacy - front-end
List of cookies:
- sLanguage - stores information about currently browsed language version of the website. Disabling this cookie makes it impossible to change the language on the website.
- iNoticeClosedX (X is a number) - informs the script whether the message, for example informing about cookies, was turned off/accepted. Disabling these cookies will make the messages always visible.
- poll_X (X stands for a number) - contains information about votes cast in a poll. When disabled, the poll results won't be shown.
The script uses a session variable (sessions), which stores data sever side, logged in user information (users plugin), recorded visit (simpleCounter plugin), phrases used in the system's search tool (stats plugin) and browsed websites (stats plugin).
Data of the person visiting the website are not shared with any other subjects. The exceptions are plugins and modifications, which call scripts on external services such as Google Analytics, Google Maps, Google Translate, Facebook Like Box, Filmy YouTube, etc. Authors of those external scripts should make information about cookies and data stored on their servers available on their websites.
- Administration panel privacy - back-end
List of cookies:
- sLanguageBackEnd - stores information about language version of administration panel of currently browsed website. When this cookie is disabled, there is no possibility to change the website's language.
- sEmail - email address used as a login. Data from this cookie are automatically put in the Email field in the login form. Disabling this cookie causes the email not to be remembered.
- bNoticesDisplayed - contains information about messages in the "Information" section being read. When this cookie is disabled, messages will keep showing.
- iMessagesNoticesTime - stores date of the recently read messages in the "Information" section. When this cookie is disabled, messages will keep showing.
- bLicenseX (X is a number) - stores information about accepting the system's license. When this cookie is disabled, it's impossible to turn off (accept) the license message, which means it won't be possible to use the administration panel.
- iPluginsMessagesClosed - Remembers when the "Close" button is clicked in the "Read the important information" section above the list of plugins. When this cookie is disabled, the list of messages will be constantly developed.
- sSelectedTab - contains the name of recently used tag in the page form, etc. If this cookie is disabled, when page form is revisited, the first tab will be open, not the recently used one.
- iMessagesNewsTime - stores the date of recently read news in the "News" section. If disabled, all news will be marked unread.
- bMessagesNewsClear - contains information about marking news in the "News" section as read. Disabling this cookie causes all the news marked unread.
The system links to the OpenSolution.org server several times to get news, tips (on the administration's panel pulpit), information (security messages), list of plugins and list of bug-fixes. When the data are being downloaded, a query is called and the OpenSolution.org sever saves the IP address (server on which the website is running) and website's URL from which it was sent. Stored data are used for statistics purposes and for verification of the system's legality. Due to safety reasons we will not give the localization of the query to the OpenSolution.org server code. Removing tips, information and news from OpenSolution.org from the pulpit in the administration panel may violate the license »
Remember, that your website developer could install external scripts. Contact him or her to let you know which external scripts are call on your website. Authors of those scripts should make information about cookies and data stored on their servers available on their websites.
License for the system and plugins
Quick.Cms.Ext is released under the license available at free and paid editions license » page. We will inform about licenses for external plugins (not authored by us) when all the plugins we plan on releasing will be published. Until this time, after installing each plugin check out the "plugins" directory to see if there are any new files holding their licenses. We try to select plugins with liberal licenses.
You must be surprised that we're writing about limitations of our scripts instead of praising them to the skies. Well, More »according to our business philosophy, the goal isn't to win customers at any price. Let this section be an example of that.
The system's biggest problem is RAM overfill. We use RAM to store as much information when a page is loaded as possible, because using it is faster than reading a hard drive. In the technical description of the system and plugins » section you will find more information on how our system works and how it uses RAM.
Thanks to our minimalistic approach, the code is very light, very fast and after first running it uses several times less RAM than WordPress, Joomla, etc. Read the performance comparison between our systems vs. competition »
The problem starts when there's a large number pages, widgets and slider. How many? It's hard to determine, because it depends on how much RAM a server allocates for the scripts. It's usually 64 MB or 128 MB, but it's always changing. A few years back it was 32 MB. Second-rate and cheap servers More »can also allocate such small amounts of memory and impose a number of other ridiculous limits. Obviously this should not a problem for small websites, but when a website is bigger, it's a totally different story.
A safe limit is 2000 pages for number of reasons:
- the script loads almost all page data into RAM, except for long descriptions, which every time are retrieved from the SQLite database. If there are no short descriptions, the script will be able to manage several times more pages than if there are descriptions several sentence long.
- lists of pages, widgets and sliders are not paginated in the admin panel. Yes, you can move some of the subpages to a separate list, it will significantly improve the script's performance. In extensive websites, the news are the most numerous pages. It's the same situation when editing a page. List of pages in the "Parent page" option can also be extensive. We've prepared the system so that only parent pages are loaded at first, but after clicking "Show all" you need to wait a moment for all pages to load. Do that if you're going to assign a page to a page that's not a parent page already, but just a subpage. In extreme cases, 2000 pages and more can be inconvenient to handle in the administration panel.
- one server has a 64 MB limit, another 128 MB. This means one server can handle twice as much data. You save tens of euros a year on a server? Don't be surprised at more restrictive limits. These kind of limits are also More »significant when it comes to ability to generate thumbnails for large images. A lot depends on the RAM limit. The more RAM, the bigger images the script will be able to create a thumbnail of. Find more information on this subject in the description of the $config['max_image_size'] » variable.
- the simpler the script and the less complicated plugins, the lesser RAM demand. Just More »loading the PHP files (libraries, functions) takes up some RAM. Luckily in our systems the differences are small. In this case differences in time a page is generated by the script are greater, but even these are not big. We wanted to mention it so that you would know, that it's better to hold off installing all plugins, because it not only makes managing the admin panel more complicated, but also influences performance.
We know from experience, that pages are generated by our script with all plugins installed and 500 pages faster than, for example WordPress with 1 page. We wanted you to be aware of our script's limitations, but in general the RAM overload or to heavy load problems occur in very small number of situations.