Security-related suggestions

[finid]

Looking through the list of features that have been implemented so far, I can see entries for managing registered users, banning and unbanning, etc. but nothing about the security of the installation itself.

Knowing that this is still in very early stages, I think this is the best time, if it's not already been discussed, to start looking at features like:

• Detection of brute-force login attempts and how to handle them (IP-blocking, login security & monitoring
• Ability to scan admin or core files for tampering and prevent them from being tampered with
• Email alerts on admin successful admin logins and hack attempt alerts
• Default .htaccess rules that make it hard on bad bots

These are just what comes to mind, but I'm sure the intent is obvious

[shivshankardayal]

As far as security is concerned only two features are there. One is banning bad users and another is recaptcha test for registration. As always I am thankful to you for bringing these points.

[shivshankardayal]

Finid,

Here is a question. Recently Couchbase 2.1 has been released but I see it has been only for enterprise. They say community version will be released later. This makes me sad. What is your opinion of PostgreSQL. The more I read about it the more I like it. I think if Instagram and Disqus can manage to shard and PostgreSQL then I can also do the same with Django PostgreSQL. I have spent only close to 25 days and will not mind rewriting entire stuff in Django.

Respect, Shiv

[finid]

I tend to avoid using any Open Source software that has an EE and a CE edition, especially given the terms for using the EE edition, and that the CE edition at any time may not be at the same production-usable-level as the EE edition.

At this stage, I'll suggest it's best to avoid Couchbase, so this might be a good time to look at other NoSQL options. Have you looked at Apache CouchDB? It was written by the same guy that started Couchbase, so they likely have a lot in common. Modern Forum (https://github.com/andrewrabon/modern-forum) started using CouchDB, but it looks like that project has been abandoned.

MongoDB is another option and it is the most popular NoSQL DB in use. It is a 1-edition software, with commercial support provided by a company founded by the guys that started it. See http://db-engines.com/en/ranking.

Redis is another option. Github uses it. See http://redis.io.

Keep in mind that the choice of DB could limit the adoption of Kunjika, as many potential users are on shared hosting platforms were these NoSQL DBs are not easily accessible. For example, when I was looking to use LampCMS, I could not find a shared host that supported MongoDB. However, given that Cloud hosting is now just as cheap as shared hosting, I don't thing using a NoSQL DB is a big deal

[shivshankardayal]

I would prefer Hypertable as my personal favorite. It seems rock solid and is GPL licensed. MongoDB is flawed, CouchDB is not fast and Redis is not advanced as database as it is in-memory. But again PostgreSQL has advantage of being RDBMS and has all fancy features of SQL. I do not see any website using Kunjika ever becoming bigger than Stackoverflow so PostgreSQL will serve nicely.

[shivshankardayal]

I did a tour for databases and find that nothing really comes close to Couchbase in terms of features and performance. I will stick to it may be download source and go through it if my job allows me. I really appreciate your help Finid in this project.

[shivshankardayal]

Security features are implemented. Please open another ticket or reopen this in case of issues.