I finally decided to start a web log and decided this time around look for an out-of-the-box solution, rather than trying to create one. All I needed was a simple and secure interface, without any unnecessary functionality I would have to audit for security and find ways to disable.
The first surprise was that the search list came back pretty short - about a dozen blogs. Some of these were pretty pricey - (e.g. DMXReady at $199 USD for a single site license) and some just didn't look right. Eventually, a couple of those I looked at caught my attention - Forest Blog, dBlog and Battle Blog and I decided to give them a try.
Battle Blog, while looked quite similar to what I had in mind, required MS Access or SQL Server, so I decided to put it away. I probably could install the express edition of SQL Server, but I was already running MySQL on my server and didn't want to install and maintain yet another DBMS.
dBlog appeared to support only MS Access, although I couldn't say for sure, as installation instructions were in Italian.
Forest Blog, on the other hand, looked very nice. It had a great installation wizard and after clicking through a few pages, I had a usable blog, although I did have to allow writing within the web root in order for the wizard to complete. Those who are not careful with their security settings may end up with a vulnerable website.
One thing about TinyMCE was that it only generated XHTML and if it was used on a good-old HTML website, would produce bad output (i.e. <p/abc/ is valid HTML - look it up!). I couldn't find anything in the configuration and posted on TinyMCE forums Saturday night. I was pleasantly surprised to see an immediate response with a usable way to strip off the trailing slash from such XHTML elements as <br />. That settled it and I ended up using TinyMCE.
April 5th, 2008
Well, after using TinyMCE for about two weeks, I wasn't as thrilled about it. The editor simply didn't handle HTML beyond simple formatting, so I decided to switch to FCKeditor. Removing all server-side files made it just as secure, but FCKeditor turned out to be just so much better when it comes to editing!