A fast and light-weight Content Management System.

domoCMS started as free time learning project on how to build a secure and fast content management system from the ground up. Over a period of several years, it evolved into a more polished system while serving content on www.808.dk. The code has been online in its different iterations since late 2003, surviving years of real-world use and abuse.

Please note: domoCMS is currently not publicly available as a formal product. This may change in the future. In the mean time, distribution is limited to friends and family.

domoCMS features:

  • Security-focused core design
  • Web standards compliant
  • Fast response times1 and low server resource usage2 through use of caching
  • Simple web-based content administration
  • Automatic RSS feed generation
  • Multiple database back end vendors supported
  • Extendable through extra code blocks
  • User login system enabling public and private content
  • Automatic picture gallery with thumbnail generation
  • Automatic sitemap xml generation
  • Search engine optimization-centered design
  • Fast full text content search
  • Scalable to multiple frontend servers
  • One-time login/passwords supported for travel use
1, 2: Sub 50ms response times at 100 page requests/sec at 11% CPU load on a single CPU system.

domoCMS development principles, ordered by priority:

  1. Security - All input sent to the public interfaces must be filtered and validated before use to ensure the security and integrity of the system. Content administrators must be able to log in as securely as possible over less than ideal internet connections. Failed login attempts must be throttled down to prevent brute-force attacks. Passwords must be stored only using salted hashes.
  2. Performance - All potentially frequent reads from the file system or backend database must be cached in memory to ensure scalability and performance.
  3. Standardization - The main site template must validate as XHTML 1.0 Transitional or HTML 5. The main template layout must render comparably in the top five browsers and also scale down to mobile devices like tablets and smartphones.
  4. Accessibility - All public content must be made available through automatic RSS feeds and XML site maps.
  5. Backend compatibility - The content database must be able to run on MySQL, MSSQL and MS Access.
Code changelog:

2022-09-25: Implemented automatic HTTP to HTTPS redirection.
2019-07-07: Updated URL input filter to ignore fbclid and utm_ tracking parameters.
2019-02-12: Implemented basic HTML5 semantic markup.
2015-08-16: Updated the browser statistics page to also detect the Edge browser.
2015-07-19: Replaced front-end with Bootstrap, enabling responsive design.
2013-04-27: Added automatic links back to originating page on gallery popups.
2011-11-12: Fixed a rounding error in the visitor statistics calculation.
2011-06-25: Tweaked IP blacklisting system to support wildcards.
2010-12-05: Added detection of smartphones to serve special handheld CSS.
2010-06-30: Updated the picture sitemap generator to support more tags.
2010-03-13: Improved logging.
2009-09-04: Confirmed database compatibility with MSSQL/MySQL/Access.
2009-06-06: Added a whitelist check in front of the database layer.
2009-06-05: Reduced the number of queries to the database.
2009-05-16: Added server-side webapplication keepalive function.
2009-05-09: Added fully parameterized database communication layer.
2009-04-25: Tweaked the menu and added tag-specific RSS feeds.
2009-04-22: Added handheld CSS and detection of legacy browsers.
2009-04-18: Changed menu to a more flexible UL/LI data structure.
2009-04-10: Added automatic tag cloud generation.
2009-04-05: Added content tagging function.
2009-02-09: Separated the page layout template from the CMS code.
2009-02-07: Added semi-WYSIWYG inline page content editing feature.
2009-01-24: Added option to pre-cache content for all pages.
2009-01-18: Implemented more function encapsulation, caching tweaks.
2009-01-06: Added expires-header to the CSS to encourage browser caching.
2009-01-04: Added previous/next-functions to the picture gallery system.
2009-01-04: Major code cleanup/reduction and more caching added.
2008-12-15: Added feature: code extension support (extra code blocks).
2008-12-03: Fixed two IE6 layout bugs affecting the menu and the gallery.
2008-08-31: Changed the picture gallery system to use shorter URLs.
2008-07-24: Fixed a bug in the page caching system.
2008-06-06: Adjusted 404 triggering.
2008-05-31: Added server-side automatic picture thumbnail file generation.
2008-05-28: Added picture uploader in the CMS administration.
2008-05-20: Adjusted 404 triggering.
2008-05-17: Added pop up viewer for the picture gallery system.
2008-05-12: Enabled multiple in-line picture galleries per page.
2008-05-02: Added a picture gallery page type in the CMS engine.
2008-04-26: Added IE8 and Safari to the browser statistics page.
2008-02-21: Adjusted search URLs and 404 handling.
2008-02-04: Implemented more offensive blocking of misuse attempts.
2008-02-02: Implemented short URLs (long URLs still compatible).
2008-01-26: Added the "priority" attribute in the sitemap system.
2007-12-30: Added the "lastmod" attribute in the sitemap system.
2007-12-30: Changed the caching system: Each page now has its own timer.
2007-10-28: Further hardening of the login and session system.
2007-10-27: Added form spam prevention on the contact page.
2007-10-13: Added one-time login/password option in the user administration.
2007-07-18: Replaced blacklist input filtering with whitelist RegExp.
2007-07-07: Added support for shorter, condensed URLs.
2007-07-01: Added salt to the password encryption system.
2007-06-12: Automated Sitemap generation.
2007-06-11: Added RSS 2.0 cached site content feed RSS 2.0 feed.
2007-06-11: Added automatic update time stamps on pages.
2007-06-03: Further bulletproofing of the full text search function.
2007-03-17: Added further separation of SQL and data input.
2007-02-26: Added server-side content caching.
2007-01-13: Improved security. Passwords are now encrypted using SHA-256.
2007-01-01: Changed the metadata system to be more search engine friendly.
2006-12-31: Rearranged the content elements to be more search engine friendly.
2006-12-31: Fixed handling of HTML-encoded characters in the content editor.
2006-12-18: Changed the data structure so each page now has its own metadata.
2006-12-17: Rewrote the site template to use divs instead of tables for layout.
2006-11-19: Added file download system.
2006-11-12: Added page redirect feature.
2006-09-02: Added the JavaScript keyboard to the administration login page.
2005-07-11: Code cleanup in site template. It now validates as XHTML 1.0 Strict.
2005-05-16: Added Full text search.
2005-04-23: Added better handling of pages not found.
2005-03-19: Changed the way database records are added/updated/deleted.
2004-10-26: Minor db connection changes.
2004-04-30: Optimized the login procedure.
2004-01-02: Added browser statistics.
2003-11-20-ish: domoCMS goes online serving content for www.808.dk.

Page last updated 2022-09-25 20:13. Some rights reserved (CC by 3.0)