Wednesday, 21 June 2017


 Since the dot-com boom of the late 1990s, corporate websites have become a common place for almost any type of company, large or small, across the globe. Almost every enterprise these days needs a website to communicate with customers, partners, shareholders, and so on providing up-to-date information on the enterprise, its products and services. Increasingly, commercial activities and order transactions are conducted on enterprise websites. This paper shows how
Content Management Systems (CMS)helps corporate organizations to achieve this aim, it also shows the advantages and time saving benefits of using a content management system compared to traditional online information updating, a study was also done on joomla and drupal to enable organization choose appropriate content management system for specific web application.




This is to certify that the seminar research on “CONTENT MANAGEMENT SYSTEM ” was carried out by NDUNAKA ALEXIUS UCHENNA, with REGISTRATION NUMBER: CS/12/155, has met the condition of Bachelors of science (B.Sc) degree in Computer Science, Madonna University Okija, Elele Campus. It is hereby approved for its contribution to knowledge.

NDUNAKA ALEXIUS UCHE                       ………….….……….....             ......……………………
               (Student)                                      Signature                                           Date

PROF. KAMGNIA EMMANUEL           ………….………….....…               …………......…………
(Supervisor)                                          Signature                                    Date

Mrs EBERENDU CECILIA-OGU      ………….………….....…       …………......…………
(Acting Head of Department)                         Signature                                     Date




This research work is dedicated to God Almighty, for his love, guidance, protection, underserved grace, the wisdom, strength to complete this report and especially for the gift of life


This Seminar report was completed as a result of support from many people, although not all of them can be mentioned.
I wish to express my sincere gratitude to God for his protection, providence, guidance and above all, for sustaining me.
I am greatly indebted to my ever loving supervisor Prof. Kamgnia Emmanuel for his useful and necessary observation, suggestions, contribution and corrections. I would not have been able to achieve much in this research without your supervision. May God enrich you greatly in every area of life.
My profound gratitude also goes to the head of computer science department Dr. Atabong Timothy Agendia Abenda (PhD), Acting Head of Department Mrs Adanma Celia Eberendu-Ogu and all lecturers of the department of computer science who have taught and supervised me in one way or the other. I say thank you all
Finally i wish to express my appreciation to my parents for bringing me into the world, my siblings and friends especially Ikerionwu Marvis and Stanley Nwosu for their time, support and prayers.


Since the dot-com boom of the late 1990s, corporate websites have become a common place for almost any type of company, large or small, across the globe. Almost every enterprise these days needs a website to communicate with customers, partners, shareholders, and so on providing up-to-date information on the enterprise, its products and services. Increasingly, commercial activities and order transactions are conducted on enterprise websites. This paper shows how Content Management Systems (CMS)helps corporate organizations to achieve this aim, it also shows the advantages and time saving benefits of using a content management system compared to traditional online information updating, a study was also done on joomla and drupal to enable organization choose appropriate content management system for specific web application.

Table of Contents

1.7 GLOSSARY…………………………………………………………………………………………………………………………..12
1.7 ORGANIZATION OF WORK............................................................................................. 8
CHAPTER TWO..................................................................................................................... 10
LITERATURE REVIEW............................................................................................................. 10
2.1 HISTORICAL BACKGROUND........................................................................................ 10
2.1.1 WEB CONTENT MANAGEMENT EARLY DAYS........................................................ 10
2.1.2 WEB CONTENT MANAGEMENT TODAY.................................................................. 11
CHAPTER THREE................................................................................................................. 13
FINDINGS.................................................................................................................................. 13
3.1 CORE FEATURES OF A CONTENT MANAGEMENT SYSTEM..................................... 13
3.2 COMPARING CMS AND TRADITIONAL UPDATING METHOD.................................. 16
................................................................................................................................................ 17
Table 1.0 COMPARING A CMS TO TRADITIONAL UPDATING......................................... 17
3.3 BENEFITS OF USING CONTENT MANAGEMENT SYSTEMS....................................... 17
3.4 LIMITATIONS OF CONTENT MANAGEMENT SYSTEMS............................................. 18
3.5 PRECAUTIONARY METHODS WHEN USING CMS...................................................... 19
    4.3 REFERENCES. 30


Content Management System (CMS) is a software package that is used to manage your website. It is a practical extension of Web design and Authoring.
Once upon a time, when businesses were starting to establish their web presences and visitors had limited bandwidth, many websites functioned as brochures. Users visited these websites, which consisted primarily of static HTML pages, to learn more about products and services. Interaction with the company meant sending an email to the sales representative or finding the toll-free telephone number to call technical support. Today, as visitors grow more webs savvy, and as access to high-bandwidth connections become more prevalent, visitor expectations have changed. Visitors now expect training videos, to be able to connect with other visitors via forums, to be able to find white papers that answer specific questions, and much more. Additionally, as more people from different countries gain internet access, businesses must find ways to globalize their web content. Multinational companies often communicate with geographically and linguistically diverse employees via internal intranets. To help meet these needs, businesses are using Content Management Systems (CMS) in conjunction with other products. CMS are used to perform web administrative functions, manage assets, provide personalization and localization features, and much more. There are many subcategories of CMS.
A Web Content Management (WCM) system has additional features specifically tailored to manage web site content. A Digital Asset Management (DAM) system has additional features to support the ingesting, cataloguing, storing, retrieving, and annotating of digital material. An Enterprise Content Management (ECM) system is usually comprised of a WCM and DAM, and provides additional knowledge management and document management features as well.
Ignorance of the appropriate CMS by individual and organization has led to demise in the technology world which has drastically affected the business world today, this paper attempts to bridge the gap of ignorance in the society



        The objective of this research is to analyse each CMS on the basis of design, performance, scalability, compatibility with different platform security and search engine visibility in order to help individuals and organizations choose appropriate CMS for specific web applications.


This study affords listeners the awareness of the purpose of CMS's and how it will save corporate organizations and web developer’s time when designing a website


My research will give us an inside look, focusing solely on the Web Content Management Systems, my research will bring to our understanding what it does, the functions, areas of applications study of CMS using joomla and Drupal as a case study, comparism of traditional updating and the use of CMS, an open source CMS, benefits of CMS, and advantages, it will also shows the limitations and cautious steps to be taken when using content management systems in order to limit and possibly enhance website security


Due to the diversity of Content Management Systems the scope of this report is limited to Web Content Management Systems, open source CMS it will not discuss ECM's, It will also not discuss post-deployment applications such as Web site personalization, searching, noticeboards and guest-books


Action Menu: A menu of functions that enable a user to take action on a Content Item or Folder. Action menus are accessed by right-clicking on a Content Item or Folder in the Content Explorer. Action menu examples include Preview, Workflow and Active Assembly.
Action Panel: The ability to refer to content using a URL link inside an email, a technical discussion or alternative forms of communication. The URL links to a web page that displays a Content Item plus the equivalent to the Action Menu in the Content Explorer.
Active Assembly Table Editor: A text-only interface that displays the available Slots for a Content Type, and enables users to add, remove, and reorder Content Items within the Slots.
Ancestor: Each dependent Content Item in a Relationship has an owner. The owner of the owner, and its owners, are ancestors of the dependent.
Audit Trail: A list of all Workflow actions for all revisions of a selected Content Item.

Breadcrumbs: A navigational technique displaying all visited pages leading from the home page to the currently viewed page. All pages are linked for easy backwards navigation. Breadcrumbs are typically placed near the top of a web page.
CMS: This is an acronym for content management system. It is a set of development features and applications used to create a framework for storing and communicating content for a specific destination, such as a website. It supports a cycle, or workflow, of creating content, evaluating and approving it, merging it with formatting, and publishing it to a destination. Multiple users can use the same content and reformat it for their web readers.
Community: A group of roles that require access to similar information, including Content Types, Workflows, Templates, Sites and user interface components. A role can be associated to more than one Community, and users belong to all Communities associated with their role.
Content Types: A form for displaying and editing a specific Content Type. Content Types list and display the contents of the System Title field and other fields of a Content Type. Content Type fields may be common to the system, shared by more than one Content Type, or local to that Content Type. A Content Type requires at least one local field.
Content Explorer: The Rhythmic interface used by content contributors to create, modify and transition
Content Items: The interface contains a Navigation Tree which contains Site Folders, Display Folders, Views and Searches. The Display Pane provides access to Content Items and Folders.
Content Item: A unit of content in text image or file format that appears on a web page. Content Items consist of data and metadata.
Content Type: An aggregation of a Content Type, Templates, and related applications. Each Content Type includes metadata fields which provide useful information about that content. Every Content Type has its own backend table in the repository.
Cross Site Linking: The ability to reference and use Content Items that appear under one Site in another Site. Cross Site Linking is accomplished by placing a linked copy of the original Content Item in a different Site. Since the Content Items are linked, edits to one of the documents will also appear in the other. Cross Site Linking is only available when using Site Folder Publishing.
Dependent: The subordinate Content Item in a relationship.  For example, in a Translation Relationship, the Translation Copy is a dependent of the original (owner) Content Item.
Descendant: Each owning Content Item in a Relationship has a dependent. The dependent of the dependent, and its dependents, are descendants of the owner.
Display Formats: A definition of the columns included in the Display Pane when selecting a View, Folder or Search node in the Navigation Pane.
A Display Format: can also define the categories used for grouping below the View or Search node in the Navigation Pane.
Folders: A node in the Content Explorer Navigation Tree for organizing Content Items and sub-Folders. When used under a Site node, Folders can define the structure of the published Site.
Global Template: The definition of common features for pages on a web Site or in a document. Templating enables the developer to create a master Template that can be used in conjunction with local Template items and thus have the advantage of reusability and consistency within the Site.
Impact Analysis: The ability to check relationships that exist on a Content Item, and thus determine any impact if the content Item is modified.
 The Impact Analysis: window displays the owners, dependents, ancestors and descendants of a Content Item.
Item Index: An automatic aggregation of Snippets resulting from a user selected query. These Snippets are placed into a Slot on another Template and updated each time the parent page is assembled. Common uses are lists of the ten most recent Press Releases or Events occurring in a particular month. Often Auto Indexes use additional data, such as a title, provided by the contributor when creating the Snippet.
Keyword: The fields used in the system that have specified values. Keywords simplify the development of Content Types by defining fields that accept a limited range of values, and storing those values in the repository. Using the Keyword Editor, users can define both the keywords and the values assigned to those keywords.
Landing Page:The index page for a specific section of a Site. When a user clicks on a navigation link, the page that the user is directed to is the landing page.

Managed Navigation : A feature that provides implementers the ability to create common navigation without needing complex Velocity or XSL, while creating navigational structure based on the Site's Folder structure. This typically includes top, bottom and left side navigation bars and breadcrumb trails. Managed Navigation is based on three navigation Content Types:
§  Navon - Items used to create navigation menus including breadcrumbs, bottom, side and top navigation, and Site maps.  Each Navon should be linked to a Content Item not used for Navigation.
§  NavTree - Similar to a Navon. NavTree items only reside at the root of a Site. A NavTree initiates the propagation of Navons to every sub Folder in the Site Tree. The NavTree item is generally linked to the Site's Home Page Item.
Implementers and Webmasters can use the Managed Navigation elements to create new sections of the site, move pages from one section to another change the navigational label or image on a section reorder sections, and remove sections from the navigation menu completely.  Managed Navigation is only available when using Site Folder Publishing.
Navon (NAVigation sectiON) :An item that describes the navigation for a single section or subsection of a Site. A Navon typically displays a system name or label, and a landing page. A Navon may also be associated with a NavImage.
NavTree : A Content Item which denotes the root of a Site and is responsible for propagating Navon Items in the Site Folders below the root. The NavTree establishes relationships between each of these Items. The result is a navigation hierarchy linking all levels of the Site together.
Notification: An email message that Rhythmyx automatically sends to a Role when a Content Item enters a determined State.
Owner: The original Content Item in a relationship. For example, in a Promotable Version Relationship, the original item is the owner and the promotable copy is the dependent.
Page: The final output of the Content Assembly process. A page is produced when a Template is applied to an item of content. The Template applies format and layout to that item and aggregates together all other required Snippets. As each Snippet is requested, the assembler processes the Template for that Snippet. Each related Snippet is processed recursively until all required Snippets are generated, and assembled into the right parts of the page. The Content Assembler makes this final page available at any time through a URL. The Publisher uses this URL to extract the page from the system to save it out as a file.
Properties: The metadata associated with a Content Item or Folder. Rhythmyx provides a properties view for viewing a Content Item's properties, and a Folder Properties dialog for viewing or editing a Folder's properties.
Quick Edit: An editing option and a Workflow state that enables a user to easily correct a minor error on a public item. The item is transitioned to the Quick Edit state, where it can be edited. After the edit, the user can return the item to a public state without going through the complete Workflow process. Due to the power of this capability, it should only be granted to specific roles.
Related Content: A Content Item may include other Content Items in its assembled formats or Templates. For example, a Content Item may only hold text content, but one of its assembled Templates includes an image for illustrating the text. The image Content Item that is included in the Template is related content of the text Content Item.
Relationship: An association between two objects in Rhythmyx. Often these two objects are both Content Items, but they can also be Folders. One of the objects is the owner and the related object is the dependent. For example, in a Related Content Relationship, the original Content Item is the owner and the Content Item that is added to one of the owner’s Slot is the dependent. Frequently used relationships include Active Assembly and Promotable Version Relationships.
Revision: A modification to an existing Content Item after that Content Item has been published.
Role: A collection of Rhythmyx users with the same permissions and access. Roles are associated to both Communities and Workflow. A Community role grants members of the role access to the Community; a Workflow role grants members of the role rights to transition or view Content Items in the Workflow.
Rhythmyx Server: Installed as a service on Sun Solaris, Linux, Windows 2000 and 2003 environments, the Rhythmyx Server is the fundamental processing engine of the CMS system and is used to communicate with the back-end repository, Application Server, and Content Contributor clients.
Search: A query that returns Content Items that match selection criteria. Searches can be customized and saved, enabling content contributors to reuse selection criteria.
Shared Template : A Template that is used by more than one Content Type. Once associated with its original Content Type, it is associated to other Content Types by dragging and dropping it within the Workbench. The S –Callout Template in Fast-forward is a shared Template, and is associated with Brief, Calendar, Contact and other Content Types.
Site: The location where Rhythmyx content is published, such as a web site, file system, ftp location, or database. Additionally, Sites are a group of Folders which enable organization of Content Items in the Content Explorer.
Site Explorer: The interface that displays all of the Content Items that are linked together as a virtual representation of a Web site. Content and links can be rearranged in Site Explorer, and Content Items specific Slots can be created or edited.
Slot: A container to control the layout of aggregated Content Items. Each Slot defines a location on the page and the types of content that are allowed within that part of the page layout. When multiple Content Items are aggregated together, a Slot controls where those items appear in the final page.
Snippet: A partially assembled page element generated when certain Templates are applied to an item of content. Each Snippet may contain other aggregated Snippets, as well as formatted content.
State: A stage for a Content Item in a Workflow. In each State, content is available to users in specified Roles, who can apply Transitions to move the Content Item to another State in the Workflow.
TinyMCE: A JavaScript/HTML WYSIWYG (What You See Is What You Get) editor that allows content to be inputted and styled.
Transition: An action that a user applies to a Content Item while it is in a Workflow state. Each Workflow state has specific transitions applied to it.
WebDAV (World Wide Web Distributed Authoring and Versioning): A set of extensions to the HTTP protocol which enables users to collaboratively edit and manage files on remote web servers. Using a WebDAV enabled application; users can contribute content to Rhythmyx without logging into the Content Explorer.
Workflow: A business process that defines a sequence of events. Each Content Type is assigned a Workflow. The Workflow defines and controls the s


For systematic presentation, this work is planned in four chapters. Each deals with a particular aspect or segment of the work.
In chapter one: We start by introducing the topic, which gives an insight and in-depth analysis of the research, which was closely followed by the background of the study, problem statement, aims and objectives of the study, scope of the study, Limitation, Glossary, and concludes with the organization of chapters
In chapter two: We try to review the literature which deals with the historical background of the topic and followed by related  work.
In chapter three: we focuses on the discussion of the topic, which was closely followed by the core features of CMS, comparism of CMS to traditional updating, argument on open source as documented by CGI Group Inc. 2011 and a case study: Scotiabank, widely used CMS Joomla and Drupal, Benefits of using CMS, Disadvantages of CMS, Precautionary method when using CMS
Finally, in chapter four: We summarises the topic, enumerate conclusion and proffers recommendation for the topic.



(Osaze, 2014) In the modern world, we are all used to the idea that we can create our own documents - but if you go back 15 or so years - the only way you could create a website was by understanding 'HTML' - which few did. Products like Dreamweaver and Wordpress were not around - which meant that pretty much if you wanted to have a website (internet, extranet, intranet) then you needed someone with technical skills to write and design it - but not only that - once they had written it you still needed someone technical to change it - as it involved reading HTML code to determine where to add content.
As a result of the above - anyone with a website pretty much ran a 'centralized creation process' for web content. The 'norm' would be that if you had information you wanted on a web page you would send it via email to the 'web team' who would then amend an existing page or create a new one (if you were lucky you would get to 'approve' the page before it went live - if not you just accepted the formatting of the web team).
In early days web Content Management systems were developed to resolve the issue of having highly experienced technical staff adding low level content to a website. In essence, a WCMS was invented to allow non-technical staff to create or amend web pages without the need to involve the technical staff (effectively removing the issue that existed with centralized web teams).
Unlike a traditional Document Management System that does not necessarily enforce a structure on the documents being created - a WCMS typically enforces a structure on the pages being created - often referred to as templates. The structure (representing the layout 'code' for the web page) is typically concealed from the editor or author - so that the only task they have to complete is the insertion of content into a 'blank structured web page'.
While products like Dreamweaver, FrontPage and more recently Wordpress have evolved to emulate the above scenario with features such as drag and drop resulting in the generation of code without technical knowhow.
Today there are very few web content management tools on the market today that talk only about the process of creating and managing content. As the web surfers have evolved to demand enhanced user experiences - driven by using tools like Ebay and amazon - and the dominance of social tools like LinkedIn, Twitter and Facebook in driving what users 'expect' as an enhanced journey - so too have the WCMS tools and with the advent and popularity of Programming and Scripting Languages such as PHP, Perl and Python people saw the need to simplify the process of content management and updating and started to develop software and programs that could take of the increasing needs of web users.
Whilst 'personalization' also referred to as 'segmentation' is not new to the online user experience it has until the last few years been typically very expensive to achieve based on the underlying cost of the CMS tools offering this functionality.
Similarly, WCMS tools now often include a whole array of social tools that are used to create two ways conversations with the visiting audience reflecting the increased desire for users to be able to express opinions freely about a given service or product.

(The beginner‘s guide to content management systems) Clearly state that a good website is regularly updated and grows over time. In this e-book we show you how administering the content on a hungry website shouldn’t be painful.
The question is why use a Content management system, first for easy administration for business that require constant administration say stores like konga , Ebay, blogs etc.  needs a contentment management system because updating manually takes time as you find yourself trying to type out the new changes in the different pages to meet the real time demand of your client, content management system is a backend system that allows you to make changes that automatically reflects across the site hence there is no need for constant supervision
Using a content management system saves additional costs as you no longer need to pay anyone to design and manage your site. It is also very easy to use.
Content management system also takes less space, less data and reduces repetition, it is usually easy to edit as seen in price change, it also facilitate quick page creation as each element require to build a website is stored in the database and hosted on the server
Contents are generated by you but content management system makes it easier as you don’t need to code, the content are written by you but it must be in a time you are not required elsewhere say lecture time, office time, home and official function etc. it is advised that ideally put aside a couple of hours each week to write content or alternatively delegate to employee or business partners
Content management system is secure as it helps you create specific user profile and gives each person permission to change or contribute only to the section of the site you feel is necessary, you also decide whether the contributions are automatically published or whether they pass through an approval hierarchy thus allowing you indulge more employee in the day-to-day running of the site without risking mistakes or inappropriate behaviours.
Contents can be changed from anywhere because content management system is web based
User generated content quality over quantity: content management system supports user generated content which is a popular way for website to grow as it relies on people giving you useful content for free reducing the pressure of you continually providing content
Content management systems allows users enter comments in words, add images, videos and other content through forms and other feature
Content management system is easy to use as it takes your mind away from design, colour, image and layout to more important content which is more important to avoid producing lots of waffle quantity over quality, your content should be what people want to read, you are responsible for what content you put thus place yourself in the customer’s shoes if you were in the market and want to buy a particular product and were using Google for research what do you want to see? What advice will you find helpful.
Useful content are rewarded by higher traffic and use engaging words for your target audience
(MICAN, TOMAI, & COROŞ, 2009) Open Source CMS are an alternative that facilitate the development of online collaborative communities. After studying the theoretical part regarding the application of Web CMS’s, we managed to create a questionnaire on their use. Moreover, we reviewed the main types of Web CMS, programming languages and facilities provided by them. The results have shown that the frequency of use is very high. We also noticed that the programming languages used by most of the users are: PHP, ASP and Java, and the most common content management system used is Joomla Consequently, the most important functionalities are: the existence of an editor that allows the editing of the source code, organization facility for content with the help of tags, import functionalities from different formats as well as the WYSIWYG editor, restricted access and the existence of a back-up system. Similarly, we should consider other functionalities such as: the personalization of user interfaces and content, accessibility from mobile phones, addition of the ping and track-back option, automatic optimization, as well as dynamic pages for search engines. Hence, we intend to in-crease the work sample that would allow the use of econometrics models and the establishment of relations and dependencies.
(Wakode, 2013) Defined content management system (CMS) as a software program that makes building and maintain a website faster and easier. He also stated that the system can automatically pull the content out and show it on the appropriate pages based on the rules you set up in advance and CMS available nowadays varying based on functionality and platform.
This paper discusses about the comparative study of most widely used content management system Joomla and Drupal, it also attempts to analyse each CMS  based on usage, design, performance, scalability, compatibility with different platforms, security purpose and search engine visibility in order to help individual and organization to choose an appropriate CMS for specific web application.
(Thakur, 2015) Defined CMS as a website’s “content” as it is a combination of different components: text, graphics, images, scripts, included files such as flash animations, audio/video streams or downloadable files. All these may be component of one page included in an HTML page using links or sometimes integrated in the HTML page itself.
CMS organize and classify these components by dividing contents from layouts(i.e document template) thus a CMS treats content and layout in separate ways it also allows using the same content in different document and format for different media ( “cross-media publishing”).He also clearly stated some of its functions and advantages and the different types of CMS.
(Region, 2008) They started by summarizing a Web Content Management System (WCMS) is a web application that facilitates a group of users, usually from different departments  in an enterprise, to collaboratively maintain and organize the content of a website in an effective manner. Over the past few years, web content management systems have grown in importance as more and more organizations communicate and publish their information via the web. Like other web-based applications, WCMS’s applications are exposed to the same set of common security threats found in any network and web-based operation or process. In this paper, we will outline the common security concerns of WCMS, and provide a number precautionary consideration. A Web Content Management System (WCMS) is a web application that facilitates a group of users, usually from different departments in an enterprise, to collaboratively maintain and organize the content of a website in an effective manner. Over the past few years, web content management systems have grown in importance as more and more organizations communicate and publish their information via the web. Like other web-based applications, WCMS’s applications are exposed to the same set of common security threats found in any network and web-based operation or process. In this paper, we will outline the common security concerns of WCMS, and provide a number precautionary consideration.
(Inc, 2011) Describes CMS today as not just a simple business tool bus has become a core part of the enterprise. It also describe open source technology as a solution to exorbitant CMS cost because it is a complex enterprise system, they also finalized how institutions-Scottish bank has benefitted from its transactions to open source CMS
Recent Pioneers have embraced open source software to power their enterprise as open source software revolution was ignited by the latest generation of technologist eg an open source project is Linux and software’s like Drupal, Joomla which is a Content management system, while there are plenty open source critics, their arguments and rebuttal was discussed as stated as part of our findings for this report.




In order to provide the functionality required by a complex, large scale, multi-author and dynamic web site then many features are desirable. Some CMS's try to contain them all, but it is unlikely that everything you may need will be available in a single product. It is the authors’ experience that a pragmatic ‘buy and build’ approach is best for the HE/FE sector [4]. The features likely to be of interest to the HE/FE sector are displayed in the ‘Feature Onion’.  To be called a CMS a product or set of tools will, in our view, provide three core functions:
  1. Versioning: so that groups of individuals can work safely on a document and also recall older versions.
  2. Work-flow: so that content goes through an assessment, review or quality assurance process.
  3. Integration: so that content can be stored in a manageable way, separate from web site design ‘templates’, and then delivered as web pages or re-used in different web pages and different document types.
This core feature set is augmented by a list of additional functions that varies significantly from product to product. These additional CMS features can be grouped into the five major categories shown below

User Management: This involves assigning a role to a user, providing access rights and perhaps the level of interaction with the system. This can often use existing authentication schemes
User Interface: Preferably a browser-based application for both content provision and CMS and/or web site administration
Data Sources: These include the managed storage of created content plus external data in so called “legacy systems” Examples include Word, Excel files and images other CMS's Storage methods can be file systems, flat file databases, relational databases and more recently, object oriented databases and XML files. The key is the flexibility of the system to cope with it's intended use. Storage also requires that the data itself is described. This is known as meta-data and creating it should be a requirement of storing content.
Applications: These Integrate the content with existing data and authentication systems, and perform specific software on the content to aid consistency, simplicity and management.
Deployment: Publishing the web site to the live web server(s). Some CMS's do not distinguish between development and production servers, running the web site itself from the same software as the development system, creating pages dynamically on demand. Popular pages can be built in this way and then ‘cached’ in memory or on disc, speeding up future retrieval. Other systems have a strict partitioning of ‘staging’ and ‘public’ environments requiring separate web servers, often residing on separate machines. In this case the entire structure may need to be replicated if all pages are dynamically created. In other cases, certain elements of pages are pre-rendered and published as static content, with only specific dynamic content being accessed via the public server. It can be said that there are almost as many different methods of live publication as there are products available.


Problems With the Classical Approach
Traditionally, technical staff would have to assist a content editor who needs to update a site by translating the content into a suitable web page format (i.e. HTML) and uploading it to the web server on their behalf. This iterative process often led to delays in publishing, and is obviously not an efficient process given the high mutual dependence required between the content provider and the technician. Managing the website updating process is another problems with older approach.
Sometimes a web page may consist of several content areas that require input and material from several different enterprise departments. When more than one person is able to update web pages simultaneously, the problem of logging and tracing “who has amended what” and “what the latest version of a page is” becomes serious.
Web Content Management Evolution
The Web Content Management Systems (WCMS) that have appeared more recently are designed to tackle these problems, and make it easier to collaboratively update a website.
A WCMS is a web application that facilitates a group of collaborative users, usually from different departments across an enterprise, to maintain and organise web content in an effective and manageable way. Web content can include text, images, audio and video. A modern WCMS can also include workflow features so that the creating, storing, and updating of web pages, along with approval sub-procedures, can be streamlined. In addition, features such as versioning, check-in/check-out auditing, and so on are useful for managing and tracking the updating of web pages.
Commercial WCMS products have the following benefits
1.  Quicker response times: making new web content such as marketing materials available on the web is much quicker because content owners can update materials to a website directly, without the need to assign such tasks to technical personnel;
2.  More efficient workflows: requests for changes and updates to a site are simplified under a WCMS framework. Users across different departments can add and apply changes to web content with a pre-defined and agreed-upon workflow process.
3.  Improved security: under a WCMS framework, content is only published after approval by designated supervisors or managers. This reduces the chance of publishing material by mistake, which is usually due to human error. In addition, most WCMS systems provide audit trails of publishing activities all of which help maintain accountability;
4.  Other benefits include improved version tracking, integration with translation servers, and consistency of page presentation through the use of common page layouts and controlled templates.
Web content management has grown in importance over the past few years, and commercial as well as open source WCMS products are now available on the market.


Argument #1: Open source isn’t secure
Is it better to rely on a vendor with limited resources to issue new releases to fix security holes? Or, is it better to rely on a large community of volunteers to issue fixes in a just-in-time model? In the CMS world, many of the popular open source CMS solutions have a proven track record of security and offer sites for reporting security issues, along with resources such as developer handbooks on developing secure applications. In addition, many companies such as CGI are experienced in configuring open source CMS software to have appropriate security levels based on client requirements.
Argument #2: Open source has no real support
For many smaller open source projects this assertion may be true. However, for widely supported open source projects, there is a wealth of information out there. In the open CMS world, Drupal is a good case in point. The Drupal community has hundreds of thousands of members dedicated to all manner of initiatives. There are manuals, tutorials, forums, blogs, videos and more for just about every aspect of the system, from installation and extension to administration. As with security, there are also a number of companies, including (CGI, 2015)CGI, that offer professional services for many popular open source content management systems.
Argument #3: Open source isn’t scalable
The success of Linux, Apache and MySQL has shown that mature open source products can scale to an unlimited extent. Open source CMS solutions power some very large websites. They often provide a flexible architecture that allows developers to “plug in” a solution (such as a cache manager) to address scaling issues, and for those unfamiliar with the options available, the open source community is quick to offer advice.

Argument #4: Open source means I have to give everyone my source code
Licensing models for open source software are not any less convoluted than those found with vendor or partner agreements. For projects that follow the GNU GPL licensing model, the requirement to make the source code available to everyone only applies if you choose to distribute your work. It does not, however, say that you must release any code you develop back into the community. In fact, source code needs to be provided only to the individual groups to whom you distribute your product or enhancements. As with all technology investments, any enterprise considering an open source CMS investment should carefully consider all sides of security and support. Organizations should turn to experienced open source CMS integrators such as CGI to develop the appropriate standards, to help choose and implement a solution that is scalable, and to provide any needed proprietary customizations and enhancements.
Case in point: Scotiabank
Given the numerous commercial and open source solutions available, choosing the right CMS software can be a bewildering and frustrating experience. Scotiabank turned to CGI to help it find the right CMS solution to consolidate and improve the management of numerous costly and redundant micro-sites.
The bank had created a collection of marketing micro-sites to serve particular groups of individuals or lines of business. The challenge for its IT group was supporting the many different technologies used to support these sites. Additionally, because of a lack of reusability, the cost of building these sites remained relatively constant despite their overlapping functionality.
 CGI was asked to help the bank address these issues by establishing a platform that could be used to accelerate its time to market and reduce costs by leveraging reusable components across the sites. To meet this need, CGI chose the Drupal (v6.x) platform.
To date, CGI has built several sites using the platform with a mixture of community based and custom built modules. The underlying theme for the initiative has been to maximize reusability by drawing parallels between the sites and abstracting them into generic modules that can be reused with simple configuration. So far, CGI has built several reusable components such as a standard registration form and a contest engine.
The real success behind this story is the significant reduction in the bank’s cost of developing these sites. Development cycles have been reduced to as little as three weeks, thanks to the reusable custom components built by CGI and the vast number of community modules that are available for Drupal.
CGI continues to partner with the bank, and the bank’s value proposition is increasing with each project as CGI expands the reusable toolkit and lowers overall project costs.
The “2.0” days of open source content management systems have arrived. An increasing number of companies are embracing open source technology for content management not only because of the cost savings, but for the security, support, scalability and other advantages open source CMS affords. How quickly we reach “3.0” depends on how we continue to use and contribute to open source development.


(Joomla!, 2013) Joomla is a class of Open Source CMSs written in PHP scripting language and uses MySQL database for the backend. Compared to Drupal, Joomla is fairly new and is gaining popularity among users because of many aspects, including ease of usability and extensibility. There are around 4500 extensions and modules available to enhance the functionality of the core Joomla package. Joomla can be installed and run on Linux, Windows or Macintosh OS. It is distributed under GPL and is free to use. Advanced components of Joomla 1.5 are built using Model-View-Controller (MVC) design pattern
The standard release of Joomla contains the basic features such as blogs, RSS feeds, caching, search functionality, printable versions of pages, create and manage menus, administer the system and support for language internationalization. Joomla keeps content in its database to provide dynamic formatting. Web pages can be presented in unique format preferred by different visitors and different computers as they are not static files. Joomla templates are composed of XHTML block and in line tagged element. The theme manager interacts with data collectors and Menu manager in particular pattern. The whole system is made up of three types of pages: Sections, Categories and Articles
 Joomla File Structure
The understanding of the basics of the directories and files structure in Joomla site is essential. When Joomla is installed, there will be a default file structure either on the local machine or on the server. Below is an example showing how each folder has all the important documentation structured and organized.
Joomla’s Key Features
Graphical Flexibility: Many packages of graphical themes are available. It is easy to create custom themes using template files, a style sheet, a file containing information and a theme screenshot. Creating a theme from HTML page is also easy.
WYSIWYG Editors:
Joomla provides default editor tinyMCE which allows default video and podcast extension. Document
Joomla provides reliable document managers i.e., DocMan and RokDownload.
 Analysis of Joomla
i) Installation:
Installation of Joomla is very easy and can be installed in less than half an hour. For installation, a user doesn’t require much technical knowledge - they just have to know how to connect through FTP and install databases. It can be hosted on standard shared Linux, Apache, MySQL and PHP environment.
ii) Maintenance and Update:
In Joomla, maintaining and updating the site is easy. Like Drupal, Joomla users also need to back up the website before updating it. The administrator can back-up the whole website by downloading a file which contains the assets of website, and replacing the web directories using a web update interface.
iii) Community Strength and Contribution:
This CMS is supported by many independent consultants and organizations in the USA. There are several books published to help learners. Forums and discussion have been started by groups where one can ask question and get answers.
iv) Usability:
The user interface is very friendly with extensive use of images. Creating a new page is easy and it can be published by assigning it to the appropriate section and category.
v) Scalability:
The website built on Joomla CMS can be grown as the demand for a larger site increases. Joomla is scalable and can support tens of thousands of visitors a day. Joomla’s Webpages are cached for faster downloading of page and they are cached indefinitely as default but one can change the setting as needed.
vi) Web 2.0 Features:
In Joomla unlike Drupal, a website administrator cannot set permissions for site visitors to comment on any content of website through core extensions, but it can be done through a plug-in. This CMS supports a simple blog but multi-author blogs are not supported. The simple blogs can be created through content administrator on the website but cannot be created through the front-end site. Therefore, blogging communities are not supported.  Also, for social networking sites, a popular extension exists to create groups and content such as articles or images. It is then managed by site administrator. Outgoing RSS feeds are fully supported and add-on plugins can help in displaying other RSS feeds to the user website. However users cannot modify those feeds.
vii) Security:
The updates on security are released on and these updates occur frequently. Joomla has had only one major upgrade and it doesn’t support the legacy version with security updates and fixed bugs.
viii) User Roles and Workflow:
The Joomla CMS supports three administrative roles: to create new content, to edit existing content, and to publish content. In this CMS, one cannot give permission to particular users to edit or publish based on section of website or type of content. There is no notification system in which to forward or flag content. The site based on Joomla CMS is not very flexible for many different content editors as it does not give an easy way to set up a workflow based on type of content.
(Drupal!, 2015)Drupal is an Open Source CMS written in PHP and uses MySQL, PostgreSQL or MS SQL for database. Drupal can be setup on Linux, Windows or Macintosh OS. It is distributed under GPL (“GNU General Public License”) and is free to download.
The architecture of Drupal is designed in such a way that the three different layers work independently and correlate with each other to give the final output. These three layers are the content which forms the website, the application algorithm that organizes this content for presentation, and the representation layer which is incorporated by the Drupal theme system. The webpage that comes to a viewer’s browser goes through a sequential process in which Drupal modules take all the relevant content from the databases and then the theme gets ready for the final presentation. Unlike Joomla, Drupal’s architecture does not follow the design pattern of MVC but instead follows the Presentation-Abstraction- Control (PAC).
Drupal File Structure :
It is very essential to understand the basics of how the directories and files are structured on a Drupal site. When Drupal is installed, there will be a default file structure either on the local machine or on the server. Below is an example showing how each folder has all the important documentation structured and organized.
Drupal’s Key Features
i) Advanced Control of URL:
 Drupal provides a precise control over URL structure. Each content item which is called node in Drupal can be given a custom URL. The path auto module can automate custom URL structure for each content type.
ii) Custom Content Types and Views:
Using the Views module and the Content Construction Kit (CCK), we can create new content type without writing any code. There can be created any number of custom content types and can be displayed in many different ways. Some examples of content types are forum posts, tutorials, blog spots, news stories, classified ads, and podcasts.
iii) Themeing and PHP Template:
Themeing in Drupal can be done without any PHP knowledge. Drupal uses PHP template theme engine by default.
iv) Hook System:
 This system in Drupal enables the  user to hook in new modules easily. This hook system is invoked when any activity is done in Drupal. That action sends information to other modules which instruct them to perform a task.
v) Filter System:
 This system provides control over what content should be allowed to be viewed by anonymous user and admin users. One example would be if one wants to provide HTML control to admin user and filter that from an anonymous user. This feature helps to secure the website.
Analysis of Drupal
i) Installation:
For Drupal installation, the user  does not require more technical knowledge rather than just how to connect through FTP and install databases. The installation time for the new user with knowledge of general installation of other systems might be less than half an hour.
ii) Maintenance and Update:
 In the Drupal CMS, maintaining and updating site is easy. The procedure for updating the website includes the backup of the website, and then replacing the files using a web update interface. By downloading only one files which contains the assets of website; administrators can back up the whole website. The database can be stored in PHPMyAdmin. Drupal gives a notice to the site admin whenever any upgrades are required. A major upgrade may affect the current template or plug-ins. Drupal also provides security updates for previous versions in case administrator doesn’t want to change the version.
iii) Community Strength and Contribution:
 The community of Drupal is very large in terms of its users and developers. There are more than six hundred fifty thousand users and two thousand developers have signed up on
iv) Usability:
An administrator can easily access the page or section in visitor mode by just clicking the edit button. Accessibility to an admin area requires some learning, as its default setting does not have a refined look. The core package does not include any editor like WYIWYG (What You See is What You Get) but one can be installed as a plug-in. In Drupal editing pages or sections are the same, just while adding new page one may need to link it by hand.
v) Scalability:
Drupal is highly scalable with high traffic handling capabilities. Its Webpages are cached indefinitely as the default setting configuration but can also be manually cached for a specific time. Moreover, functionality area blocks can be cached.
vi) Web 2.0 Features:
 Drupal is an excellent community platform provider. It outperforms all other optionsin this area. A website administrator can set permissions for site visitors to comment on any content of website. This feature facilitates social networking website which allows visitors to create a group. As per their set permissions, they can post content such as article, pictures, and videos which can be managed by the admin. This CMS also supports multi-author blogs and subscribed visitors can create their own blog in the blogging community. Outgoing RSS feeds are fully supported and add-on plug-ins can help in displaying others RSS feedsto user website. Moreover this RSS feed can be modified as  per the requirement.
vii) Security:
Security updates are published on It gives a notice through update status plug-in to its users whenever new update is released. Drupal’s active community is very active and any security holes are remedied very quickly. There are references available to guide in making a site more secure.
viii) User Roles and Workflow:
Drupal’s core includes two default set of roles, anonymous user and authenticated user. Apart from these, any number of user roles can be created and assigned different permissions depending upon the content type. Add-on modules can be used to give more specific permissions to users based on content section using taxonomy function.
Table-1:Comparison of Joomla and Drupal


Ease of Hosting and Installation


Ease of Setting up a Simple Site


Ease of Learning to Configure a More Complex Site


Content Admin Ease of Use

Graphical Flexibility

Structural Flexiblity

User Roles and Workflow

Community/ Web 2.0 Functionality


Extending and Integrating

Scability and Security

Site Maintenance

Support/Community Strength


A particular CMS may provide a better option for one application while another CMS may be more suitable for a different purpose. The study of widely used CMSs Joomla, Drupal and the analysis of the features of an individual system can help an individual or organization to choose an appropriate CMS for their specific web application.


  1. Content on the website can easily be updated without calling the developer to do it
  2. It encourages collaborative work-flow which makes working with the website easier
  3.  It also enables the web developers to design full featured websites easily by using already existing templates and themes a good example is Joomla
  4.  It also prevents the organization from being tied down to one developer, as another developer who knows how to use the same system can easily take over and continue the job
  5.  It also saves the organization time and cost to train it's staff because most content management systems are very easy to use and understand
  6. Content Security: Content must complete a defined approval chain before it can be published. Users with appropriate access and authority can publish content, while users with less authority only can view the content. Placing responsibility for content in the hands of the business user and providing appropriate tools ensure content is up-to-date and responsive to current customer needs.


Despite the numerous advantages of content management systems, it still has some demerits which are listed below
  1. Most websites built with the same templates will always look the same unless the developer is very experienced and knows how to customize the site
  2. It leads to the development of poor websites that do not follow current web standards because it is very easy to develop a website
  3. It introduces more server overhead as calls to database as compared to a static HTML website though page caching functionality can help
  4. It also introduces a lot of security issues as a security exploit found in a content management system will affect all websites built with it, also passwords can also be compromised which could lead to 'user-role escalation' an Example is Joomla 1.6 User-role Escalation vulnerability



As we have shown, a WCMS is an application built on top of existing web technology. Like other web applications, a WCMS is subject to the same security threats and operation process vulnerabilities as other web applications. In this section, we discuss the common security concerns and ways they can be mitigated.
Security Concerns
Given that a WCMS is a software application, it is prone to bugs just like any other program. Vulnerabilities have been found in WCMS. As one example, a vulnerability called “absolute path traversal vulnerability” was found in the open source product OpenCms in 2006. This flaw would allow remote authenticated users to download arbitrary files
Another security concern lies with protection of authentication credentials when accessing a WCMS. Many WCMS products are designed primarily to solve the content management problem of websites rather than building a secure product.  Some WCMS products do not provide adequate protection for logins and passwords for example, and these passwords— including the administrator password—are sent as plain text over the network.
Similarly, as part of the publishing/uploading process, a WCMS might use file transfer protocols such as FTP to transfer files from the WCMS data storage server to the web server. FTP is not a secure protocol in the sense that authentication credentials and passwords are sent as plain text over the network. In addition, because publishing is an automatic process from the WCMS to the production web server, FTP credentials might be hard-coded in certain configuration files. Usually a hard-coded login password like this will not be changed regularly. As a result, any leakage of this password could allow someone illegally access to web content on the production web server.
If the WCMS includes other modules, individual subsystems may have their own bugs and introduce their own vulnerabilities to the WCMS. For example, if the WCMS has an email module, it might be prone to the same common threats faced by email server such as email spoofing. On top of this, the backend database server of the WCMS may have its own vulnerabilities as well.

Precautionary Measures
There are a number of precautionary measures that should be done proactively to mitigate the security threats identified above:
1.  Follow best practices by applying the latest security patches to all web server software. Any alerts or warnings about vulnerabilities on the WCMS product being used should be addressed immediately, especially if the WCMS can be accessed directly from the Internet. Any patch management process should also address additional WCMS modules, including email subsystems, backend database servers, JAVA runtime environments, and so on.
2.  A strict password policy should be defined. This should include a minimum password length, initial assignments to personnel, restricted words and formats, and a limited password life cycle.
3.  Logins and passwords sent over the Internet should be protected by SSL / TLS, so that attackers can’t sniff them over the network. In general, access to administration pages should be further controlled and these should not be open to Internet access.
4.  When publishing any web content from the WCMS to the production web server, file transfer programs such as FTP should be replaced by a Secure Shell (or SSH) that protects transmission channels by encrypting data. Some SSH implementations also support a feature that controls which IP addresses are allowed to connect to the destination server.
5.  To enforce data security, many WCMS implementations have built-in access control whereby groups of users are segregated into editor and administrator (approver) roles. These roles and their corresponding access rights should be clearly defined and reviewed periodically.
6.  A good WCMS should keep an audit trail, logging all editing and approval activities. These audit trails should be retained for a period commensurate with their usefulness, and should be secured so they cannot be modified and can only be read by authorised persons.
While a good WCMS can facilitate businesses to better control their web content, making it more responsive in today’s dynamic business environment, end-users should also be aware of the possible security impact on the  enterprise  if inappropriate material was published on the site. Advice toend-users include:
1.  Be aware of what is being published. Only approved content should be involved in the publishing process.
2.  Each user identity (user-ID) should represent only one person at a time. Shared or group user-IDs should not be permitted.
3.  Passwords should be promptly changed if they are suspected of being, or have been, compromised or if they have been given to vendors for maintenance and support. Password management practices such as enforcing strong passwords, and regular changes of passwords should be followed.
4.  Automatic protection features, such as a password protected screen saver, should be activated if there has been no activity for a predefined period to prevent any attempt at illegal system access.
5.  When a member of a content editing and updating group ceases to provide services in that group or organisation, his or her WCMS user-IDs and access privileges should be terminated as soon as possible.
6.  Software patches and updates should be applied to user machines regularly, including web browsers, Java runtime environments and so on, on a regular basis.




A Content Management System (CMS) is a web application that facilitates a group of users, usually from different departments in an enterprise, to collaboratively maintain and organize the content of a website in an effective manner. Over the past few years, web content management systems have grown in importance as more and more organizations communicate and publish their information via the web. Like other web-based applications, CMS applications are exposed to the same set of common security threats found in any network and web-based operation or process. This paper outlined the common security concerns of WCMS, and provided a number precautionary consideration to take when dealing with them it also showed the advantages of using content management systems both for the developer and the organization.


A CMS represents a major departure from “traditional content management methods”. Not only are business processes altered, but more business users and fewer technical personnel are involved in day-to-day content management operations. Content bottlenecks are removed, while content backups are automatically generated. In Conclusion Content Management Systems have changes the way online information is managed.

The following recommendations are general in scope and intended for those organisations, web developers, web designers web users etc.
Inc, C. G. (2011). Open source 2.0 for content management system. CGI Group Inc.
MICAN, D., TOMAI, N., & COROŞ, R. (2009). Web Content Management Systems, a Collaborative Environment in the Information Society. Babeş-Bolyai University, Cluj-Napoca, Romania: Faculty of Economics and Business Administration,.
Osaze, O. (2014). Content management system. Elele,Rivers State,Nigeria.: Madonna University Department of computer sceience.
Region, T. G. (2008, Februray). WEB CONTENT MANAGEMENT SYSTEM. Retrieved October 12, 2015
Thakur, S. (2015, july 2). study mafia. Retrieved september 7, 2015, from Content Management System Seminar PDF Report and PPT:
The beginner‘s guide to content management systems. (n.d.). Retrieved October 19, 2015, from netregistry:
Wakode, B. (2013). Study of content management system joomla and drupal. IJRET:International Journal Research in Engineering and Technology, 569-573.


No comments:

Post a Comment

Feel free to drop your comments to help us serve you better