

Known Issues - The Bad and the Ugly

Here are all the warts you’ll (possibly) have to think about.
  • The WYSIWYG editor doesn’t currently support a wide range of browsers (basically it’s an IE love child). This will be addressed as soon as possible; in the meantime you’re welcome to replace the editor with your preferred one – which you might want to do anyway.
  • Admin Performance; although I’ve focused a lot of energy on the performance of the public-facing part of the product, I haven’t focused so much on the performance of the admin area. The single biggest killer is ViewState. My plan for future releases is to move to a more AJAX-centred design to improve both the usability and performance.
  • Test coverage is low; there was an older version of the test suite which seems to have fallen by the wayside, and the new test project will be gradually expanded over time. The good news is that a lot of ‘non-Unit Testing’ testing has gone into the product over a long time, and there’s only been me developing it – so things are very stable, even if there’s a lack of unit test coverage.
  • Security – MS SQL Direct Table Access (SELECT only); this isn’t actually as bad as it sounds but I want to mention it here for transparency. All tables are accessed via stored procedures, all of which are parameterized; there is no use of execute or exec to execute raw SQL statements anywhere in the current MS SQL data provider. This is all very good; the not so good bit is that you will have to allow SELECT permissions on some tables depending on what you want to do:
    • By default, the Audit, Log and HttpLog tables allow SELECT access; the current MS SQL data provider needs to allow this to service some admin pages. You don’t have to allow this if you don’t want to – it won’t affect normal end user operation of the site.
    • Another admin page, ‘Data Info’, reports on the amount of storage used by the data provider; in the case of the current MS SQL data provider this means that SELECT is granted to most tables. You don’t have to allow this if you don’t want to – it won’t affect normal end user operation of the site.
    • Currently, all direct table SELECT access is performed by functionality only available within the admin area; however, (by default) that functionality operates under the same account that normal site visitors use.
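If you decide not to allow the direct SELECT access described above, the following T-SQL audits and removes it for the default tables. It is an added example, not part of the project: the database user name SiteUser and the dbo schema are assumptions, and the admin pages that read these tables will stop working under that account.

```sql
-- Added example (not the project's own script).
-- Assumptions: the site connects as database user [SiteUser] and the
-- tables named on this page (Audit, Log, HttpLog) live in schema dbo.

-- 1. List every table-level SELECT explicitly granted to the site account.
--    Grants inherited through a role (for example db_datareader) do not
--    appear here; step 3 checks effective permissions and catches those.
SELECT  pr.name            AS principal_name,
        s.name             AS schema_name,
        o.name             AS table_name,
        pe.permission_name,
        pe.state_desc
FROM    sys.database_permissions AS pe
JOIN    sys.database_principals  AS pr ON pr.principal_id = pe.grantee_principal_id
JOIN    sys.objects              AS o  ON o.object_id     = pe.major_id
JOIN    sys.schemas              AS s  ON s.schema_id     = o.schema_id
WHERE   pe.class = 1                   -- object- or column-level permission
  AND   pe.permission_name = 'SELECT'
  AND   o.type = 'U'                   -- user tables only
  AND   pr.name = N'SiteUser'
ORDER BY s.name, o.name;

-- 2. Remove the default direct SELECT access on the three logging tables.
--    Repeat for any other table reported by step 1 (the 'Data Info' grants).
REVOKE SELECT ON OBJECT::dbo.[Audit]   FROM [SiteUser];
REVOKE SELECT ON OBJECT::dbo.[Log]     FROM [SiteUser];
REVOKE SELECT ON OBJECT::dbo.[HttpLog] FROM [SiteUser];

-- 3. Verify effective permissions while impersonating the site account.
--    A can_select value of 1 means the account can still read the table,
--    usually because a role it belongs to grants SELECT.
EXECUTE AS USER = N'SiteUser';

SELECT  v.table_name,
        HAS_PERMS_BY_NAME(v.table_name, 'OBJECT', 'SELECT') AS can_select
FROM    (VALUES (N'dbo.Audit'),
                (N'dbo.Log'),
                (N'dbo.HttpLog')) AS v(table_name);

REVERT;
```

Running the admin area under a separate database account that keeps these grants addresses the shared-account point in the last bullet, but that requires a configuration this page does not describe.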

Last edited Aug 29, 2011 at 4:41 AM by AdrianK, version 6

