When making content management tools available to web users, which type of CMS is easier to secure, train your users on and generally keep running and happy:
- Online, databased CMS (i.e. Drupal, DotNetNuke, etc.)
- client tool with server component (i.e. Adobe Contribute)
Are there any CMS systems in particular that you would expressly not allow to run on hardware you maintain?
For our web projects, we use a custom built content management system that uses a back-end database with a web-based console for management. Here's why:
Moves with the site - If the customer wants to move their hosting, there are specific requirements for hosting and the entire site along with its management features can be moved at once without having to reconfigure external tools.
More secure - There is a single point of entry: the admin login. No need to make the database server available to the outside world or have FTP access enabled all the time (only when code updates need to be pushed out).
Accessible from anywhere - If a client needs to make a change, they can log in from any web browser and do the change without having to worry about external software or opening holes in a local firewall, etc.
Flexibility - Since we have access to all of the code and database, we can make whatever we want on the site manageable without being constrained by the limits of whatever installed external software. Changes can be rolled out quickly and apply to everyone immediately.
The cons to using a system like this might include:
Training - With a proprietary interface, some user training may be needed. You're likely to run into this with any content management software though, external or not.
Speed - Using a web interface may not be as fast as using a native management application can be.
I generally prefer the online databased system for its flexibility. Contribute is great, but inflexible - I don't have the source code to manipulate the way it works.
If Contribute does exactly what you want and will always want, go for it, but otherwise something you have the code to may serve you better.
The only major CMS (that I've experienced thus far) I'd forbid from my systems is Joomla.
We've got a very large Plone installation. I'm not a giant fan of Plone because it's based on Zope and Zeo, both of which can be giant hogs as far as resources go. You also need to have a load balancer and squid in front of Plone in my experience if you expect any level of performance.
Personally, I like and have used most of the PHP-based CMSes, blogging software, etc.
From a security and scalability point of view, the type of software that writes static HTML files up to the server is easiest to implement on a broad scale (many sites, many users) -- whether it's web-based or client-based. You can host sites that way with a minimum of resources.
If your needs are small and you want to go dynamic, look at Wordpress. It's more of a CMS than a blogging tool at this point and has a really rich feature set, template set, and plugins, and is relatively easy to develop for.
If your needs are larger-scale, then you're going to get into systems like Plone. Plone met our needs because of it's rather extensive ACL system.
With any tool that has a broad user base, you're not going to run into a situation where you have major security holes sitting out there in the open for long. I'd be leery of anything that has a very narrow scope or a tiny user base. For the same reason, I'd be leery of rolling my own when SO MUCH work has been done already to develop and secure this kind of system.
What is your goal with a CMS? Who would be doing updates and what kind of updates. Is training users mainly for accessing data or for uploading and maintaining the data?
A CMS is probably better than Contribute if flexibility is needed. Which CMS and will depend on what capabilities that you need.