Vempain is a publishing system that supports remote updating of pages as well as remote administration. The distributed architecture makes it very scalable and thus suitable even for highvolume sites.

As Java, PHP and SQL is used, any platform that support these can be used (Windows, Linux, Unix, Apache, iPlanet, mySQL, PostgreSQL, Oracle, MSSQL to name a few). Vempain is developed on x86 Linux, Apache, mySQL-combination and is it´s primary platform. Internet Information Service is not supported due to it´s lack of basic features such as internal redirection with matching.

Vempain is divided into four separate parts, the web-server, publishing-server, publisher-client and the database, the two first ones both connecting to the database.

Web server
Publisher-server
Binary upload
Users, units and roles

The webserver runs a PHP-module which enables it to parse and run PHP-scripts. All requests to pages are redirected to a single page which in turn parses the request-string and searches the database for a corresponding document as well as its form and additional components which the script combines and runs. The product is then sent back to the requesting visitor.

If the requested page is marked restricted, then the credentials are checked.

The publisher is written in Java using RMI as the c/s-protocol. The client in itself does not contain any editor, instead the user configures his/her favorite editor to be called (provided that the editor supports filename as command-line parameters).

The binary files (image, executable, zip etc.) are handled differently from the pages in that they are stored on the harddisk and are listed in two tables on the SQL-server, binary_file and binary_file_referer. The first lists uniquely the path+filename as well as the ACL_id of the page (the owner), MD5Sum and of course the creator, modifier, dates of creation and last modification. The second table lists all the references to the file, including the ACL_id of the referencing page, order of referrer (the owner-referrer is the first), page_id of the referrer-page, creator and date of creation. The version of the binary file is checked by computing the MD5Sum of the file.

Since Vempain has no built-in definitions of administrators, authors and web users extra care must be used when an user is assigned to a unit since the unit may have assigned indirect privileges.

Instead of built-in privileges Vempain has the following definition of admin, author and web user units:

Web user unit:
Web user unit contains all the users who have read-access to pages where the default ´webuser´-user is removed. This always requires login of the user otherwise the privilege falls back to the anonymous ´webuser´ web user.

Author unit:
Author unit has the additional privileges to write, delete and modify pages as well as read part of the administrative pages of vempain itself (those currently residing under /Edit/). Since each page consists of many parts (layout, layout_order, form. component and page) the role of the author can be established with a fine-granularity. IE. some authors may have the privilege to modify the components and layouts while others can only create new page content with the given template.

Administrator unit:
Those belonging to the administration unit has the full access (both read as well as write, delete and modify) to the administrative pages.

Notes

• Administrators are the only ones who can create new users.
• Since the privileges work in an explicit way, the administrators do not have automatic access to all web-pages (neither through browsing the site nor through editing the pages).
• Similarly the viewable pages can be split among the authors so that only part of the unit as access to some pages while the others update the rest.
• There is one group whose authority supersedes even the administrator-unit and that is the operator of the server. Since the operator has access to the database passwords, he can in effect see all the content of the site. Therefore it

For a small site the features described above seems perhaps unnecessary, but as soon as the site begins to grow the maintaining becomes more complex and a migration to a new platform is very expensive, both in terms of downtime, additional cost of investments in hardware and software as well as the re-education of the staff.