Greetings! My last post didn't seem to "take". So, let's see if we can't get this ball rolling! Is anybody with me?!??
Something I have always wondered about (and googled umpteen times), is Website Security and Hackers! Now, I personally do not know much about hacking and I *certainly* have no idea about how to manipulate somebody's website! (not that I ever would! I am *still* very strong about karma, in this electronic age!)
I suppose my question here would be, "How important is security and how the heck would I implement it into my website(s)?"
~Thrasher
I think security is important, but it has its place. Me personally, when doing *most* sites, I use a CMS like ExpressionEngine, or a PHP framework like CodeIgniter. These already have most of the security precautions I worry about. I guess the only real "security" issues I have are spam accounts/comments. Am I worried about getting hacked internally? No. Mainly because the sites don't get enough traffic for anyone to care about, and 2 because I _really_ trust the software I use.
If I were to be concerned, I would make sure all my code was clean and up to date, not leave a bunch of "test" files on the server that can pose a security risk. Constantly update passwords for everything server wise.
I believe, correct me if I'm wrong Gordon, that Jason Leveille does some security stuff...er can hack stuff. I think if my brain serves me well, that Gordon was writing some application and Jason Leveille was able to hack it? Maybe I'm crazy, I dunno.
Anyway, I guess the bottom line for me is: you need to trust the software you use, unless you are doing everything from scratch, which then I have no say in.
Yes, Mr. Cotter! You made perfect sense! Thank you sssO much!
It has, of course, been a concern of mine and I have barely dented that article you posted, between watching the Academy Awards, talking on the phone, sneezing and conducting rocket science. It has been a very interesting read so far.
(gosh... It would be nice to see your words on the very page I'm typing on for something to refer to.
I *do* need to go back and see what else you wrote to comment further) brb :::lol:::
A lot of applications and/or stuff I read about in the past, I've heard of, but I really neeeeed to study it further. A couple of my sites do not get that many hits, but one in particular gets hits all over the world and it can be scary, because that site is a "local outfit" for handyman services in the Maryland local area to us, here. It's not like these people really need to see the site. They just/only come out of nowhere. Granted, I recently put some "ideas" & "fix it yourself" things in there and I *have* implemented some serious SEO for it and the site has been around a long-long time, but c-mon "hackers"! Gimme your best shot! (:::lol::: just kidding)
ExpressionEngine, I've heard of and CodeIgniter sounds familiar, but I really have no idea what they are or do. Heck, I just started all this web-business just/only in May 2009 and have been overwhelmed with php, flash, javascript, etc, etc... (not to mention xhtml & css) It's all I can do to keep up with the advancement of everything *&* learn at the same time. HA!
I have practiced very hard at keeping all my pages valid with w3c. Some pages, I just can't seem to make happy (esp.w/strict) and in my personal site with ca273, I've had to leave out a few things like _blank and the removal of some code Zac had in there that did not validate. (the steal this theme is strict, too)
However, practicing things like validation and what not would surely "keep my code clean". One of the things I was reading in that link you sent was how hackers will give you free code (or something to that effect) that has php stuff that can manipulate things and it is supposedly so-very complicated, that someone like me would overlook it and leave it there for them to "have their way".
Trust the software used? Hmmm... Well, I have the CS4 Master Collection and use most of the applications there-in. Last semester, everything I did in ca272 was with notepad & fireftp. But, being "from scratch", I don't really see anything that would be a problem with this subject.
Okay... Still watching the Emmy's. (George Clooney hasn't won anything yet- lol) If anyone else has something to say on this matter, I would highly appreciate any feedback possible. Please feel free to jump in!
~Thrasher
(gosh... It would be nice to see your words on the very page I'm typing on for something to refer to.
I *do* need to go back and see what else you wrote to comment further) brb :::lol:::
Underneath the "post a new reply" box, there is a button that says "thread review" which lets you see the latest responses.
ExpressionEngine is a Content Management System, similar to WordPress...but better (in my opinion)
CodeIgniter is a PHP framework. Makes life simpler.
Validation is debatable on being "important" but I tend to try and get as close as I can, unless I use CSS3 or HTML5, then I just don't care.
Trust the software used? Hmmm... Well, I have the CS4 Master Collection and use most of the applications there-in. Last semester, everything I did in ca272 was with notepad & fireftp.
That is way better than notepad, but I was referring to software you use with your web sites, ie: ExpressionEngine, WordPress or what have you.
If all you are working with is HTML and CSS then you have to rely on your host to prevent your site from being hacked.
Once you start using server side technologies is when you open your site up to hackers. When you are using server side programming, like writing email scripts, make sure that you do validation for all the fields.
More advanced topics, like protecting against SQL injection, are things you will need to learn when you start doing more server side programming.
If you're really trying to dig deep and understand best practices check out this book from O'Reilly http://oreilly.com/catalog/9780596000455/. It may be a little advanced at this point.
When Kyle says clean code, he meant more your programming code, not HTML validation. And software refers to the software you use to power database driven sites, not the software you use on the desktop to write your code.
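The field validation recommended above for e-mail scripts, shown as an added example that is not part of any post in this thread. The field names (`name`, `email`, `message`), the length limits and the sample submissions are assumptions made for illustration.

```php
<?php
// Added example: server-side validation for a contact-form mail script.
// Field names and length limits are assumptions, not from the thread.

function validate_contact_form(array $input): array
{
    $errors = [];
    $clean  = [];

    foreach (['name', 'email', 'message'] as $field) {
        // Treat missing or non-string values (e.g. arrays) as empty.
        $value = $input[$field] ?? '';
        $clean[$field] = is_string($value) ? trim($value) : '';
        if ($clean[$field] === '') {
            $errors[$field] = 'This field is required.';
        }
    }

    // Name and email usually end up in mail headers. A CR or LF inside
    // them would add extra header lines, so reject them outright.
    foreach (['name', 'email'] as $field) {
        if (preg_match('/[\r\n]/', $clean[$field])) {
            $errors[$field] = 'Line breaks are not allowed.';
        }
    }

    if (!isset($errors['email'])
        && filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors['email'] = 'Not a valid e-mail address.';
    }
    if (strlen($clean['name']) > 100) {
        $errors['name'] = 'Name is too long.';
    }
    if (strlen($clean['message']) > 5000) {
        $errors['message'] = 'Message is too long.';
    }

    return ['ok' => $errors === [], 'errors' => $errors, 'clean' => $clean];
}

// Constructed sample submissions (not real traffic).
$samples = [
    'normal'  => ['name' => 'Pat', 'email' => 'pat@example.com', 'message' => 'Please call me about a quote.'],
    'newline' => ['name' => 'Pat', 'email' => "pat@example.com\r\nX-Extra: 1", 'message' => 'Hi'],
    'missing' => ['name' => '', 'email' => 'not-an-address', 'message' => ['unexpected array']],
];
foreach ($samples as $label => $post) {
    $result = validate_contact_form($post);
    echo $label, ': ', $result['ok'] ? 'accepted' : 'rejected ' . json_encode($result['errors']), PHP_EOL;
}
```

In a real script the function would be called with `$_POST`, and only the `clean` values would be passed on to `mail()`, and only when `ok` is true.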
Thank you guys! You both are awesome! I appreciate the help! ...and "thread review" :::duh::: works like a charm!
I read that whole article in Smashing Magazine last night and woah! I never realized my pants were down in some areas. (pants on the ground- lol) I will further review that article and check my site(s) moreover! (amazing article, btw!)
Ah... "programming code". Not html. My fault. I guess I just/only need to re-check things, accordingly, as I do have some php going on in certain places. I wonder if there is a site (or program) that will double-check code in this respect. One can't be too careful, you know! I'm scared to death of all those terr_or_ists in the world, cos they go way out of their way to throw wrenches into things and I've got all these hits from all over the world in my Handyman site. In fact, just last night, I saw a hit in my we_loveweb_design site from a place in Maced_onia. (remove underscore)
latlng: 41.9997_135,21.4332011 Samoi_lova, Sk_opje, Maced_onia -to be exact (remove all underscores). WTHeck are people from the desert doing at my spot(s)?!?? I even have a meta tag called :::name='robots' content='nofollow'::: in my html! (((grrr))) They must have "surfed in".
Anywhooo.... That's it for now ...gotta go fix my car(s).
~Thrasher