Hey All,

Great posts Nina and everyone.

On my last project I did stick with DNN, because I'm simply not technical enough to dive into another solution like PHP when I've spent all this time with DNN and am comfortable.  However, I did install 5.0 on GoDaddy for this project and have gone through the typical h e doubl l.

I've also broke the host > extensions page somehow and am getting some other minor headaches which I think I'll just wait until the 23rd and upgrade to the next fix-it release of 5.dnn.  I wish I had known better to stay back on 4.9, but oh well the site is live.

Still don't have a CRM solution for managing sales people or a best way to play video and audio on this site, more work and research to do.

-- Chad

To add a bit of balance to the discussion of Penton, it is important to understand why the initial switch was made from Drupal to DotNetNuke - because the Penton .Net team was delivering sites faster than the Penton Drupal team.  There are many reasons that go into that, beyond just the core technology, and I would be happy to discuss them in another thread rather than hijacking this one.

I do feel that there is one major area where there is a vast difference between DotNetNuke and Drupal and that is security.  Because DotNetNuke is built on the .Net framework it is inherently much more secure than PHP which does not have many of the same security features built into the language/platform.  This means that the Drupal team has to do a lot more work to get a secure platform.  DotNetnuke has been blessed over the lifetime of the project to have a great security team who takes security very seriously.

During my previous life in the military I was a computer security analyst at the Pentagon working for the Joint Chiefs.  As a result I have always regarded security to be a critcal feature that was needed for any web application - especially one that was a framework that other sites and applications would be built on top of.  Cathal Conolly likewise has an extensive security background and is very meticulous in reviewing our code to make sure we are maintaining as tight a codebase as possible.  Recently we added another individual to the team with Brandon Haynes who brings yet another perspective on security and who has an excellent understanding of the topic which rivals any knowledge that Cathal or I may possess.  This is not to say that we are the great security experts, just that this is something that is very important to us.

Beyond just taking my word for it, I suggest looking at a site like Secunia.org which maintains a vulnerability database.  They currently list 14 vulnerabilities for DotNetNuke (all versions).  I know that this number is actually higher and stands at 32 as shown on our security policy page.  What that means is that in 7 years we have found 32 cases where DotNetNuke had a security vulnerability.  Compare that record with Drupal.  According to Secunia.org Drupal had 39 vulnerabilities in their 6.x codebase. 35 vulnerabilities in their 5.x codebase. 32 in their 4.x code and 7 in their 3.x code.  I don't care how you slice those numbers, DotNetNuke stands out head and shoulders above Drupal in this regards.  Below is a breakdown of the Drupal 6 vulnerabilities (realize that Drupal 6 was released Feb 2008 so these 20 advisories on 39 vulnerabilities really only spans 2 years)

Drupal on Secunia

DotNetNuke on Secunia

I think that anyone objectively looking at all the data available would find that this is an area where DotNetNuke has a clear advantage and is not just a matter of personal opinion.  We take security very seriously and it shows in our product.