Welcome to WebmasterWorld Guest from 18.104.22.168
Forum Moderators: ergophobe
Basically, our network is to the point we need to move to a custom CMS. We're just spending too much time writing content in Adobe GoLive and we need a lot of dynamic work from DBs and haven't been happy in our current environment.
So I've got a budget, and I've drawn up a pretty good list of specs. I'm about to place an ad in some classifieds and start researching some firms. I've used some freelance auction sites before and had some horrible experiences with some overseas companies, so I'm going to stick to someone either local or within the laws of the United States (where I live).
I was hoping for some tips anyone out there has learned about doing this process. Questions to ask, things to avoid, what not to short, etc. type issues would be greatly appreciated. I have a bad habit of learning things the hard way and I was hoping I could go into this process with my eyes wide open.
I really appreciate the opinions of the community.
"Can I see a demo site of something you've done?" And make sure you see the admin end and it makes sense to you.
- set requirements for basic server stuff - pages that are not found send a valid 404 for example (it's surprisingly common for custom 404 error pages to return 200 OK).
- decided in advance how granular your need permissions to be. What is the lowest level (page edit or possibly partial page edit)?
- maybe hire a third party to do a security audit and write it into the contract that changes required by 3rd party audit are part of the spec. You might even be able to agree on who that third party is in advance. There are some "default" choices that should be acceptable to any developer (personally, if I were the developer, I would consider this free education in hardening my code and would *love* to see this requirement... unless I was told to start over because there's no way to patch the holes I've created).
Also, I really like the security audit idea. One of the main reasons I'm building my own is because I don't trust Open Source CMS platforms in terms of security. It's okay for forums, not for my core.
The problem with the open source apps is
- open architecture that allows for many attack points (i.e. poorly written modules).
- huge user base and identifiable signatures that make it worth mass random attacks.
Then take some pages from the your existing website and tell them to customize right in front of your eyes. Play with the tool in the demo. see your comfort level. I am sure you will meet plenty of gaps and expectation mismatch.
Go in the next round with the firm to improve.
I wouldnt insist on going local for this, you need the best a for custom CMS.
[edited by: ergophobe at 8:10 pm (utc) on July 21, 2008]
[edit reason] Minor edits [/edit]