Website design software?

Robert Stratton bob at stratton.net
Sun Apr 17 22:37:47 CDT 2011


If you're concerned at all about having your site used for distribution of malware to visitors, RS' concerns re: PHP are fairly well-founded.

PHP is easy to use but has been extremely problematic from a security standpoint. Additionally, the wiki.php.net site was compromised last month and all wiki account credentials were compromised. To the PHP folks' credit, they audited their source code base and looked at every commit since 5.3.5 but didn't find any malicious additions to the source code base. 

Trusting the button to do everything right is iffy with pretty much any vendor. Sourceforge discovered in January that they were compromised. It's still not clear just how much validation they actually managed to complete, though they too say they're trying to review all of the code bases there. 

The issue with PHP is that it has been the least common denominator for building vulnerable websites for years now. It's not impossible to do the Right Thing with it, but there's a legacy of difficulty.

--Bob S.

----- Original Message -----
> And what serious security problem will WB4FJI encounter running
> WordPress on a personal website? There are easily tens of thousands of
> WordPress installations that are humming along quite nicely. And as of
> version 2.8 or something like that, updating the software is as simple
> as clicking a button.
> 
> 73!
> 
> Dan KB6NU
> ----------------------------------------------------------
> CW Geek, Ham Radio Instructor
> Station Manager, WA2HOM at the Hands-On Museum (www.wa2hom.org)
> Read my ham radio blog at http://www.kb6nu.com
> 
> 
> On Apr 17, 2011, at Apr 17,9:29 PM, Robert E. Seastrom wrote:
> > There are a couple of reasons to *not* run WP at all, including the
> > fact that it's crummy PHP code and a poster child for security
> > problems. The PHP security geeks seem to like Serendipity instead:
> > http://www.s9y.org/
> >
> > If I had a serious need to run WP, I'd absolutely run it somewhere
> > as a customer of a service, so that keeping it updated was Someone
> > Else's Problem.
> >
> > Joomla, while not quite as bad, is routinely used to own up websites
> > too. Gotta keep on top of the security updates.
> >
> > -r
> >
> > Dan Romanchik KB6NU <cwgeek at kb6nu.com> writes:
> >
> >> There are a couple of reasons to run your own WP installation.
> >> First of all, you can use any theme available, not just what
> >> wordpress.com lets you. The same goes for plugins.
> >>
> >> If I were you, I'd go for WordPress. It's very easy to set up and
> >> very easy to change later when you want a new look.
> >>
> >> 73!
> >>
> >> Dan KB6NU
> >> ----------------------------------------------------------
> >> CW Geek, Ham Radio Instructor, Website Developer
> >> Station Manager, WA2HOM at the Hands-On Museum (www.wa2hom.org)
> >> Read my ham radio blog at http://www.kb6nu.com
> >>
> >>
> >> On Apr 17, 2011, at Apr 17,6:50 PM, jason at thought.net wrote:
> >>
> >>> Regarding wordpress, it's easy enough to install, but why bother?
> >>> Several providers will provide blog space for cheap (or indeed
> >>> nothing, eg. Wordpress.com). Using your own domain with them
> >>> requires a little DNS-fu (and cooperation with the blog/cms
> >>> provider).
> >>>
> >>> --jason wright
> >>> -----Original Message-----
> >>> From: Terry Fox <tfox at knology.net>
> >>> Sender: tacos-bounces+jason=thought.net at amrad.org
> >>> Date: Sun, 17 Apr 2011 17:24:13
> >>> To: tacos at amrad.org<tacos at amrad.org>
> >>> Subject: Website design software?
> >>>
> >>> I've had wb4jfi.com and wb4jfi.org set up for a while now, using
> >>> justhost.com as the provider. I haven't had the time, interest, or
> >>> knowledge to build up those sites, and have used some very basic
> >>> HTML editing to put anything at all there. I now want to expand
> >>> that site some, but am confused on the benefits of various web
> >>> tools.
> >>>
> >>> justhost.com provides a simple "Site Builder" which is interactive
> >>> and web-based. It also appears rather limited, due to the simple
> >>> user-interface. They also support Joomla and Wordpress. While
> >>> these aren't Greek, they might as well be. I sort of understand
> >>> that Wordpress is a blog software package, with limited CMS, and
> >>> Joomla is a CMS. I also have an HTML editor and simple web page
> >>> creator from Coffee Cup that I bought a while back.
> >>>
> >>> What I want to do is be able to put stuff at wb4jfi.com without
> >>> taking up a lot of time and effort. Every hour spent on building
> >>> the website is another hour taken away from SDR design, or other
> >>> worthwhile ham radio project. I kind of like the idea of a blog,
> >>> but not something that takes up a lot of time organizing the
> >>> thing. I have a book on Wordpress, and am reading through it right
> >>> now. It seems OK. I also have a book on Joomla on the way. The
> >>> thing that bothers me about both of them is the setting up, and
> >>> specialized software on the server required.
> >>>
> >>> Oh, and one more thing, for those that don't know me very well, I
> >>> have trouble drawing a stick-figure. I am NOT an artist of any
> >>> kind!
> >>>
> >>> Given all the above, does anyone out there in virtual taco-land
> >>> have comments or suggestions to help me out?
> >>> Thanks,
> >>> Terry, WB4JFI
> >>>
> >>> _______________________________________________
> >>> Tacos mailing list
> >>> Tacos at amrad.org
> >>> https://amrad.org/mailman/listinfo/tacos


