Search find on this site
The Enano CMS team is extremely proud to announce the immediate release of Enano v1.1.6, which is considered the first beta in our ongoing development of Enano 1.2.0. Beta 1 is a major milestone for us, as it marks the feature-completion of the 1.2.x series. Of course, the obligatory disclaimer:
THIS RELEASE IS HIGHLY UNSTABLE AND IS LIKELY TO CAUSE YOU PROBLEMS. IF YOU INSTALL IT ON A PRODUCTION WEBSITE, DO NOT EXPECT SUPPORT FROM US. No support of any kind is provided for this release.
Enano 1.1.x will not run on PHP 4.x. PHP 5 or PHP 6.0.0-dev is required.
That taken care of, let's talk for a bit about what's been added. New features in this release are far and wide.
There is a new default theme, Enanium, which introduces template hooks (plugins can add code to the page at certain points) along with the ability to hide the Tools, User, and Search sidebar blocks and replace them with your own code. Enanium does this through a tabbed interface in the upper right-hand corner of the page for user controls and jBox drop-down menus for site controls.
One of the biggest features of Enanium, being introduced as a plugin, is the ability to have custom background images. Enanium handles these seamlessly, providing a translucent body that beautifully but unobtrusively showcases the background image.
We thought long and hard about how Enano could be made more secure. The answer we came up with was Live Re-Auth. This security feature protects access to page tools such as protection, deletion, access control lists, and clearing logs by asking for your password. But the great thing about Live Re-Auth is that it doesn't re-load the page when you log in! Providing your password is as easy as typing it and pressing Enter.
Live Re-Auth sessions act just like the privileged sessions you get when you log into the admin CP: they last 15 minutes, and are renewed every time you do something. This provides increased security while continuing to keep convenience at a level greater than any other CMS solution.
We last changed our password storage philosophy over two years ago with Enano 1.0RC1. This allowed more secure logins, but it came at a cost: if your database and configuration file were both compromised, your users' passwords would be revealed. We've decided to change that in Enano 1.1.6. Passwords and sessions are now based on HMAC-SHA1, which maximizes security, reduces the size of session keys, and allows faster session validation.
AES and Diffie-Hellman are still used for logons, because Enano still needs a pure (non-hashed) form of the password in order to validate your credentials.
Enano now features support for the Yubikey, a hardware authentication device based on one-time passwords (OTPs), through the Yubikey plugin. But that's not where we stopped. Any plugin can now extend the Enano authentication system to allow authentication through an external service. Authentication plugins can choose to require an Enano password in addition to their method, just require their own method, or allow bypassing their own method, letting the user log in as they would normally with their Enano password. The options are limitless!
Since authentication plugins can change the way Enano handles security, we've made sure that administrators see an extra confirmation during plugin installation.
The new Log page lets you view changes to the site in a style similar to that of a wiki. Intelligent filtering allows you to search for changes.
The administration panel homepage had the same text on it for three years, so we thought we'd spice things up a bit. Enano 1.1.6 features a fully redesigned administration home page which includes many statistics on the site including sizes of the cache, uploaded files, and database; redesigned alerts; and links to easily obtain support for Enano.
Downloads are available in the usual place. We just updated the downloader to use CoralCDN. It's still being tested, so post in the forums if you encounter any problems.
