SCMS is a secure content management system. Some
of its features are a role-based object-oriented
design, conformance to XHTML 1.0 Transitional,
strict I/O (input/output) validation, a custom
session implementation, support for SSL and
cookies (when run over SSL), session identifier
regeneration, idle session expiration, account
locking, account unlocking methods, encryption
(with MD5, AES, SHA1, SHA256, SHA512, or
WHIRLPOOL), and event logging.
License: GNU General Public License (GPL)
Changes:
CSRF protection was added for each SCMS request by default. Account locking was improved considerably; now the user logins' counter is stored in the database in scms_uInvalidLogins in scms_Users. The table scms_Sessions was redefined. scmsSession_IPCheck was defined to control whether to tie sessions to their initial IPs, which is another way to prevent session hijacking. scmsSession_DataEncrypt was defined to control whether to encrypt the Session Data in the database or not.
