Electronic Fantasy World (Logo)

Kumo Features

Kumo's feature set rivals that of the most popular CMSs, and its security features alone are worth the relatively inexpensive price. Check out this list of features!

 

Wide Platform Support

Kumo was built with PHP and supports MySQL as its database. Kumo can run on any web server that supports PHP and MySQL. Running Windows and Microsoft's IIS? You can use Kumo - just install PHP as a handler for IIS, and add MySQL. Apache on Linux? You may well already have everything you need. Kumo's hardware and software requirements are low enough that a successful (if slow) web server can be deployed on a twenty-year-old personal computer.

 

Modular Design

Everyone says their CMS is "modular," but nobody does "modular" like Kumo. Individual modules are dynamically loaded and custom modules can be loaded on a page-by-page basis.

If you need a custom module, creating one with Kumo is easy - there's even a module template! Custom modules allows using Kumo in commercial settings as the middleware and intranet website in one package. All you need for module creation is an understanding of PHP.

 

Minimal File Editing Needed

It's common to have to edit files when setting up a CMS, but for Kumo this process is greatly simplified by including as much of the site's setup and configuration as possible in the site's database. In most installations only two files need to be edited: one that holds database-access information, and the other to tell the website where to look for the first.

This design also means that you don't have to edit a bunch of theme files in order to change the website's look and feel. Everything from the core HTML to the content of individual pages is in the site's database and can be edited through a Web interface without having to touch a single file.

 

Hack-Resistant

There's no such thing as hack-proof, but Kumo takes hack-resistant to extremes. Security is part of Kumo's original design and not a bolted-on afterthought, so security is implemented throughout Kumo's architecture. Kumo detects and blocks attempts to breach its security, logging such attempts, automatically banning attackers and notifying administrators of its actions. Kumo also silently detects and logs anonymized visits, so hiding behind an anonymizing proxy like Tor won't help.

Even something as oft-overlooked as password handling gets the Kumo security treatment, with built-in password strength displays for users, randomized site-wide and per-user password hash salting, and the use of the insanely tough Blowfish-based bcrypt password hashing system in order to thwart efforts to break into the website through user accounts. Kumo's password handling was designed so that even if the entire database is exposed it'll still be nearly impossible to "crack" passwords.

Everything going into and out of Kumo is sanitized for safety. Every write to the database is length-checked, encoded, and escaped in order to break buffer overruns and SQL injections at the database-access level - not that Kumo would let a SQL injection get that far to begin with. Everything passed to and from the browser is also sanitized, and unexpected GET, POST, and COOKIE data is dropped without a second glance.

Further increasing security is the fact that Kumo places its core files such as modules and form handlers outside the web server's view, and incorporates them as needed through direct file access. This makes it tough to tamper with a Kumo-powered website's files since they're only accessible via a more direct connection.

Kumo's security is tough enough that it's difficult to test - we had to disable parts of Kumo's security systems during penetration testing because Kumo kept blocking and banning our testing tools!

 

Adbot-resistant

Kumo's innovative automated-login prevention system makes fully-automated logins nearly impossible, and does so without annoying captchas. During the last five years, no Kumo test site has ever had a successful automated adbot login!

Since adbots can't log in automatically, a person has to do it manually, and this makes banning unwanted advertisers simple.

 

Simple User Security

Kumo provides three user-access categories. Moderators have the ability to moderate the message board. Authors can create new webpages, or edit webpages they created. Administrators can access everything.

Additionally, Kumo supports user groups, and allows access to specific pages or features to be restricted to specific users or members of specific user groups.

 

In-Place Content Editing

Editing pages with Kumo is shockingly easy thanks to Kumo's in-place content editing capability. Click a link and the content portion of the page becomes an editor with the full HTML of the page's content exposed for easy manipulation. Editing a page through the in-place editor is a lot like posting on a typical message board, only you work directly with the raw HTML. When you save changes in the editor, the live page instantly changes to reflect your edits.

If you want WYSIWYG editing, you can have it - Kumo supports the XStandard XHTML WYSIWYG Editor by Belus Technology Inc. Download and install XStandard, click the appropriate edit link, and Kumo will present you with an XStandard edit window preconfigured to use all of the CSS declarations and custom classes you've defined for the website. What you see is definitely what you get! (Please note that while Kumo supports both the free Lite and paid Professional versions of XStandard, neither is included with Kumo or as part of Kumo's pricing. You can purchase XStandard Pro, and download XStandard Lite, directly from Belus Technology.)

 

Integrated Access Controls

Kumo supports redirects by referrer or address, which means you can craft a "landing" page for each domain that sends traffic to your site. Or, redirect users from problematic sites to the "banned" page to essentially ban them from your website.

 

Integrated Message Board

Kumo includes its own message board system - no need for additional software. The message board can be user-moderated, and supports (for all intents and purposes, anyway) practically unlimited numbers of fora, threads, and posts.

 

Integrated Picture Gallery

Kumo's picture gallery system closely imitates the functionality of the popular Gallery PHP script, and the picture gallery can be connected to the message board to allow each picture to have its own comment thread.

 

Integrated Calendar of Events

Kumo's event calendar can alert users to upcoming events, and each event can be restricted to only display to specific users and/or user groups.

 

Integrated Database Management Tools

Kumo includes tools for maintaining a healthy database, including an archive tool that can create a downloadable dump of the database for off-site backup.

 

Integrated Advertising System

Advertising handling is easy with Kumo, which features an integrated advertisement randomizer, clickthrough tracking, multiple ad types that can be inserted anywhere on a page-by-page basis, and more.

 

Integrated Download Manager

Kumo's download manager virtualizes download links, tracks downloads, redirects visitors to pages after downloads, and more.

 

Debug Mode

Few things are more frustrating than running into problems when your website that works perfectly on test systems doesn't on the live machine. In order to make this a non-issue, Kumo includes a comprehensive debug mode that lists what each module is doing and when. Integrated code profiling also helps find trouble spots by listing how long each module's primary code segments take to execute. Turning debug mode off for the live site is as simple as commenting out a single line of code in a single file.