North Knight Software

Osxome

About Osxome

Osxome (pronounced: awesome) is a simple journaling or blogging system written in PHP which uses plain-text files. Its primary goal is to be more secure than a database driven journaling system when deployed in a shared-hosting environment.

Security

On a shared hosting server, it is usually trivial for another user on the same server to access your SQL database's password. Because most content management packages rely on a database such as MySQL or PostgreSQL to serve content, a potential attacker might be able to modify the data once he or she has the database password. This makes securing database driven content extremely difficult on a shared hosting server.

While storing content in a database is convenient, it is not necessary. For sites with limited content, and for users who prefer working with plain-text, using the file system as a database is just as efficient. It is also significantly more secure on a shared hosting server. As long as the permissions are properly set, malicious users cannot modify your content unless they access to your account's master password.

This article outlines shared hosting security concerns in more detail: http://shiflett.org/articles/shared-hosting .

Using Osxome doesn't make you completely secure. As well, using database driven software on a shared hosting server is not always insecure. Osxome is just another option, and it protects against one avenue of attack.

Inspiration

Osxome was inspired by Blosxom, and derives its name from that software. The main idea taken from Blosxom is that of using plain-text files instead of a database. While this idea is fairly simple, you may find it to be quite liberating as a user.

Installation and usage

To install Osxome:

  • unarchive it and place it in the appropriate directory on your server.
  • modify the config.php file.
    • if you do not have access to Apache's Allowoverride or mod_rewrite, you may have to use the alternate indHref and viewHref settings.
  • rename the htacess file to .htaccess (note the initial period).
  • create a new file ending in .txt inside of the news directory to add an entry. See the EXAMPLES directory for sample pages.

News file format:

New articles should be placed in the news directory. These files take the following format:

  • The first line is the title for the post.
  • The second line is an optional user name for the entry. Leave this line blank if you don't want to show a user name.
  • The third line is an optional time for the post. It must be in a format parsable by PHP's strtotime() function. If this line is left blank the file's last-modified time on the filesystem is used instead. Note: if this line is used, the config.php's timeOffset variable is NOT taken into account.
  • The rest of the the file is (X)HTML data which will be inserted as the article's body.

The templates for displaying the markup are in the templates directory.

License

Osxome is released under the MIT license. See the LICENSE file for more information.

Download

Download Osxome here.

Designed by North Knight Software Inc, copyright 2010.