Chapter 1. Introduction

Introducing Macrotone Joomla Audit

Macrotone Joomla Audit is a component which enables one to monitor changes to the data on a Joomla powered site using a MySQL database.

This component was created out of a feature within Macrotone Issue Tracker which is used to provide a comprehensive Audit trail, often known as Change History. It enables one to optionally generate a 'history' of changes performed upon a database table.

Our experience tends to indicate that very few (if any) Joomla components make use of the underlying database to its full advantage, preferring instead to implement features at the application layer. This is in our opinion missing a very important 'trick', since the database is 'closest' to the data itself. We have used our extensive database expertise to therefore make use of some of the database features with this component to provide the change data.

[Important]Important

This component makes use of database features specifically database triggers. Not all host providers allow their clients to create these types of database objects. It is advisable to check your specific privileges before installing the component otherwise you will not be able to use the component if you cannot create database triggers.

Attempts to install the component upon a system without the permissions will result in the installation failing.

The 'basic' Joomla installation provides some tables with a record of who made the last change to an item (i.e. an article or a web link etc.) and when they made the change. Unfortunately it doesn't inform one of what was changed. It might have been something as simple as a correction of a typological error, or it may have been some thing much more extensive. Some sites require much more information about any given change, especially sites that may house data that could be considered 'sensitive'. The Macrotone Joomla Audit component tries to address this requirement and provide a more comprehensive and extensive audit over all of the changes that have occurred upon table records.

This feature makes use of the underlying features of the database and creates 'database triggers' that record the changes after they are made in the database. In this way there is no need to change any of the Joomla libraries or core code, which avoids any problems if/when the core code is changed between releases.

A database trigger is procedural code that is automatically executed in response to certain events on a particular table or view in a database. The trigger is mostly used for maintaining the integrity of the information on the database. Most if not all databases provide support for database triggers. Whether a specific database user can create these triggers will depend upon the permissions granted to the database user. The database user that has to have the correct permission in the Joomla environment is the user that is used to perform all database connects as defined in the Joomla installation itself.

[Note]Note

Different databases implement database features such as database triggers in different way, and often with slightly different syntax. For that reason the current version only supports MySQL databases, the most commonly used database for Joomla systems.

The Macrotone Joomla Audit database triggers (by default) are all created as 'AFTER' triggers, which means that they all are executed 'after' the record has been saved to the database. The implication of this is that no information is saved IF the record itself is not saved in the database. It also means that for 'INSERT' triggers, any information automatically created by the database as a consequence of the insert, such as unique record identifiers are also recorded in the change history.

[Note]Note

It is possible to create BEFORE triggers although in practise they do not always hold all of the required information. An example of this would be the unique identifier (id) field which is usually populated automatically by the database upon a record insertion.

The change history created by Macrotone Joomla Audit can be used to provide documentary evidence of the change activities that have affected at any time a specific table, or table column of any of the underlying Joomla database tables. The feature will prove useful for companies who need to apply audit trail (log) functionality on their Joomla sites.

For some organisations maintaining a complete audit trail for your database is important not only for internal analysis and process optimisation, but also for compliance with industry standards and regulations. One can view the ongoing activity history of a table record, including what action was taken, by whom, and the date and time the action occurred.

Complying with industry standards is important, time-consuming and expensive. Leveraging the Change History information tracking capabilities can reduce the time and effort it takes to gain and maintain any required certification, and dramatically increases the organisation's chances of successfully passing audits.

Key features:

  • Any Joomla table can be monitored.

  • Any number of the columns of a chosen table can be monitored.

  • No Joomla core code is modified.

  • Transparent to any installed Joomla extension.

  • Transparent to any site users.

Please note that Macrotone Joomla Audit is solely an administration product. It has no front end access at all and prevents modification of any collected change history even by the Joomla Administrator(s) themselves.

[Important]Important

It is still possible that a database administrator can modify the underlying data contained in the change history table. Tools such as phpadmin can still function and have the ability to disable triggers, make data changes and then re-enable the triggers, thus bypassing the change tracking. This is something that no Joomla component can possibly protect against.