This lists the permissions of the Joomla user groups, separated in frontend and backend.

SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application

Here’s a link to a great reference against SQL Injection attacks: how to recognize the flaws and fight them!

Here are two great presentations, published on the Arno Zijlstra blog.

The first, made by Mitch Pirtle (one of the Joomla founders) is a 10 minutes talk about the Web site branding. At the end of the presentation, Mitch tells us about how templates should be improved by the site designer to improve the branding of a website.

The second, made by Arno Zijlstra (a Joomla founder), talks about Joomla 1.5 template design.

He talks a lot about template overrides, Module Chrome, used to modify components and modules output.
Arno talks about menu management and uses JMenuSite to change template depending on the active menu.

Sometimes you can change how certain elements of the template look like, by setting its parameters in the administrator interface.

Before the 1.5 release, the way these parameters were used was not consistent across different templates, as it didn’t exist a common architecture and each template vendor had to find a way to do that.

Reinventing the wheel is not a nice and smart way to do things, so Joomla 1.5 introduced template parameters. Also used for extension development, these parameters are a great improvement regarding template development.

Let’s try to open the template manager, and select the template RHUK Milkyway. On the right, you can see the “Parameters” box.

As you can see, we have 3 parameters: the first defines the dominant color on the page, the second sets the background color and the third decides the page width.

The template parameters creating is up to the designer, that must declare them in the templateDetails.xml file, add a line to params.ini and manage this value in the PHP code of the template.

There’s a great guide on how to manage template parameters on the Joomla Documentation Wiki, called Tutorial: Template Parameters.

That’s an invaluable piece of documentation that every template developer should print and keep on his desk

As Anthony Ferrara told us yesterday on the Core Team Blog, this squad will be called JSST (Joomla Security *** Team). More details will be uncovered during this week, so stay tuned

That’s a released made to correct a security hole that was discovered yesterday: it seems that anyone could get administrator access using the Password Remind functionality, used to reset a password when it’s forgotten.

After a couple of hours the Joomla Team released an official patch on the Joomla.org website.

CompassDesigns.net was hacked because of this problem.

Every Joomla! 1.5 installation is infected by this problem, that now is of public domain. It’s a good idea to upgrade your websites!

Since most of the Joomla! extensions security issues involve SQL injection, I suggest to read this piece very carefully

The site we’re talking about is a WordPress showcase site, it’s already generating revenue (not a lot I think, if they give it away for free), and it could be a nice prize to win

How to win it? Just write a post about it, like I’m doing now!

I fixed this problem on my blog a few months ago when I discovered it, but 2 days ago I saw a page talking about this and I tried this Google query.. it’s incredible to see how many blogs on the Web suffer this issue.

The solution to this problem is rather simple: all you have to do to stop showing the world how to hack your site is putting an empty file called index.html in the wp-content/plugins directory.

Looking at the SERPs, It’s not a surprise to see blogs such as FreeRangeLibrarian or Speed of Creativity, because they’re not technical blog.. but it’s a BIG SURPRISE to see the Blog Herald listed in the first positions..

For those who don’t know it, Blog Herald is a big network blog that publishes posts from many important bloggers, such as Chris Garrett and Lorelle Van Fossen.

I thought about this a lot, and I concluded that listing the version of the plugins installed on your system is a good idea and it improves security, don’t you think? Otherwise, why a blog such as that, that talks about blogging, security and so on all day.. would make life easier for hackers?

(Irony, of course)