February 19, 2014

Malware, Local File Insertion and PHP

Getting back into some web development once again.  I've been playing around with some simple CMS applications for blogging, etc.  On one new site, I installed Pixie, which seems to be a nice solution (plus I just like trying out things that are of British origin).

On the new micro server, I installed tinyCMS to try it out.  Getting it set up and working properly can be a topic of another post, but I was doing a little research on the security of the application.  Seems it does have some documented vulnerabilities, along with WordPress and the TinyMCE editor.

In the course of looking at this, I came across this post that suggested some things to help make the PHP more secure, specifically by disabling these functions in the php.ini:

disable_functions = create_function,gzinflate,eval,base64_decode

Good reading and never hurts to at least try to keep the sites a little more secure.
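
An added example, not from the original post or the post it refers to: a small Python audit of a php.ini for the disable_functions line above. It separates the names the directive really blocks from names such as eval, which is a PHP language construct rather than a function and so is not affected by disable_functions; the sample ini text and the helper names are constructed for illustration.

```python
import re

# The names listed on the page's disable_functions line.
PAGE_LIST = ["create_function", "gzinflate", "eval", "base64_decode"]

# PHP language constructs: disable_functions has no effect on these.
LANGUAGE_CONSTRUCTS = {
    "eval", "include", "include_once", "require", "require_once",
    "echo", "print", "isset", "unset", "empty", "exit", "die", "list",
}

# Constructed sample php.ini content (not taken from the page).
SAMPLE_INI = """\
[PHP]
;disable_functions = exec
disable_functions = create_function,gzinflate,eval,base64_decode
"""


def parse_disable_functions(ini_text):
    """Return the lower-cased names from the disable_functions directive."""
    value = ""
    for raw in ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop ';' comments
        # Directive names in php.ini are case sensitive, so match exactly.
        m = re.match(r"disable_functions\s*=\s*(.*)$", line)
        if m:
            # Assumption: if the directive appears twice, the last one wins.
            value = m.group(1).strip().strip('"')
    # PHP function names are case-insensitive, so normalise to lower case.
    return [n.strip().lower() for n in value.split(",") if n.strip()]


def audit(ini_text, wanted=PAGE_LIST):
    """Classify the configured names and report wanted ones not listed."""
    disabled = parse_disable_functions(ini_text)
    return {
        "blocked": sorted(n for n in disabled if n not in LANGUAGE_CONSTRUCTS),
        "no_effect": sorted(n for n in disabled if n in LANGUAGE_CONSTRUCTS),
        "missing": sorted(n for n in wanted
                          if n not in disabled and n not in LANGUAGE_CONSTRUCTS),
    }


if __name__ == "__main__":
    for key, names in audit(SAMPLE_INI).items():
        print(f"{key}: {', '.join(names) or '-'}")
```
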