<HTML dir=ltr><HEAD>
<META http-equiv=Content-Type content="text/html; charset=unicode">
<META content="MSHTML 6.00.6001.18203" name=GENERATOR></HEAD>
<BODY>
<DIV id=idOWAReplyText49255 dir=ltr>
<DIV dir=ltr><FONT face=Arial color=#000000 size=2>Hello,</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>We have a few colleges / universities using it (I can't say if they would scale to over 100 staff who would use the system).</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>The only scalability I could think of is the database which at present is mysql only (in PHP terms). The code has been written to be as readable as possible. I am sure if some one chose to they could find places to improve it, but from my experience of open source code it is often nigh on unreadable and as such means people looking to customise or modify the code for their installs are stuck with all my decisions. Ideally I'd like people to be able to easily add in new code and features so we can work as a community to improve the site. </FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Security wise - I am not a PHP security expert, but the latest version has extra security in the PHP sessions, and in every place where data is directly given by the user then there is some validation to remove mysql keywords and some string escape characters. Where the input comes from GET or POST, it is checked to see it is the expected format, and then mysql_real_escape'd. File uploads are more of a problem - due to it being hard to ascertain in advance what file types people want, or expect to upload.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I'd suggest there is some scope for looking into using chmod more frequently, but I am not sure if this code works correctly on windows servers.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>As already mentioned - collaboration is handled via a series of mechanisms depending on user preference.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>I don't see ms sql and LDAP as alternatives to each other - but if you wish to use another form of authentication then you would need to modify the code in the login_library.php functions. It would be a matter of writing a select query on the password and username variables, and then seeing what it returns.</FONT></DIV>
<DIV dir=ltr><FONT face=Arial size=2></FONT> </DIV>
<DIV dir=ltr><FONT face=Arial size=2>Pat</FONT></DIV></DIV>
<DIV dir=ltr><BR>
<HR tabIndex=-1>
<FONT face=Tahoma size=2><B>From:</B> xerte-bounces@lists.nottingham.ac.uk on behalf of Vince Byfield<BR><B>Sent:</B> Wed 25/03/2009 21:16<BR><B>To:</B> xerte@lists.nottingham.ac.uk<BR><B>Subject:</B> [Xerte] Questions about Using Toolkits for larger User-baseDeployments<BR></FONT><BR></DIV>
<DIV>
<DIV>Hello all, </DIV>
<DIV> </DIV>
<DIV>New user here--very impressed with Xerte.</DIV>
<DIV> </DIV>
<DIV>Has anyone currently tested Xerte Toolkits with a significant number of users (say 100+) authoring and publishing their own content? If so, I'd like to hear from you. Specifically:</DIV>
<UL>
<LI>What sort of scalability issues are you running into?
<LI>What security precautions are you taking?
<LI>How are you handling users who wish to collaborate on documents?</LI></UL>
<DIV>Also, we are planning to auto-authenticate to an MSSQL 2005 database instead of LDAP. Has anyone tried this already? If so, please let me know what problems you encountered along the way.</DIV>
<DIV> </DIV>
<DIV>Many thanks :-)</DIV>
<DIV> </DIV>
<DIV>Vince.</DIV>
<DIV> </DIV></DIV></BODY></HTML>