Browse our library of topics and learn how to make your website more effective!
It goes something like this:
(Client): I want to add a shopping cart to my site. I heard that xyz cart is free, can you add that for me?
(Developer): Sure! That looks easy.
There's a few problems with setting up shop on the web. All of your competitors are right next door. You're in the worst neighborhood, with crooks inventing new tools to break in every day. That parking lot you just built now has to accommodate scooters and semi trucks.
If there's one thing that's constant in the web world, it's change.
Yesterday Drupal.org got hacked, and potentially all the password hashes on the site fell into malicious hands.
XSS is short for Cross-Site Scripting, but you probably might ask why the short term is not CSS instead. That's because CSS is already used for Cascade Style Sheets, a pre-existing language for defining styles for web pages, so using XSS will prevent confusion.
A question came across the Drupal Developer's list today asking whether Drupal could auto-update itself, like WordPress. As someone who thinks about security a lot, the very thought of this horrifies me.
It's a bad idea for several reasons, but the biggest reason:
That's the essence of a question I got today. And it's not one that can be answered easily, because there's no such thing as a site being "secure." It's not an either/or question, it's really a "how much" type of question. How hot is it today?
Not 2 weeks after my newsletter calling out how people take for granted that nothing bad will happen to their web sites, two of the biggest providers went down yesterday, Amazon and Akamai, in several separate incide
July 2011
How would losing your web site affect your business?
That might seem like a silly question, but a surprising number of small organizations don't think it can happen to them. Think again -- web sites get lost all the time, through a variety of means. The server hosting your site might have a hardware failure. Your site might get hacked. Your web developer might accidentally delete something critical. Your host might go out of business, leaving you stranded. If you're in the tech world, you hear about these incidents all the time.
No matter how diligent you are at preventing vulnerabilities and securing your environment, it's impossible to be completely secure on the Internet. What you can do is plan for how to limit the damage that people can do when they manage to compromise some part of your system. This line of thinking is called "Defense in depth" -- you can't just apply security updates and call it good.
Backups are the safety net and an absolute requirement. But the next most important part is doing what you can to stay out of trouble. We've all become accustomed to security updates on our computers. Today every operating system has an update system, and a huge number of attacks are on vulnerabilities that have fixes released but people have neglected to apply.
How would losing your web site affect your business?
That might seem like a silly question, but a surprising number of small organizations don't think it can happen to them. Think again -- web sites get lost all the time, through a variety of means. The server hosting your site might have a hardware failure. Your site might get hacked. Your web developer might accidentally delete something critical. Your host might go out of business, leaving you stranded. If you're in the tech world, you hear about these incidents all the time.
