How To: Test Your Site on Your PC Part 2
I have discovered a powerful new way to set up a test server on a Windows PC. The best part of this new technique is it’s portable and should work on any PC you want. The new technique utilizes a thumbdrive and the software from a company called CH Software. They have developed a very awesome application called WOS Portable II which allows you to create a custom Apache web server configuration and install this to any thumbdrive. Once on the thumbdrive you simply plug it into any PC, start an application on the thumbdrive, and suddenly you have access to a MySQL database and full web server on any PC. The best part is the basic version is free and works great to do testing and development.
To get your own copy go to their download page, select new Download, and select the options you want on your install. I’d suggest PHP 5 (Not SE), MySQL 5 (Not SE), Apache 2 (Not SE), and ImageMagick (this is an image manipulation package), and from the bottom list PhpMyAdmin (helps you add databases to MySQL). You can add some other open source Content Management programs also, but it’s best to try to install things yourself. Once you download the zip file you move the files to your thumbdrive and run the installer–that’s it!
The program creates a wosportable folder on the thumbdrive, and in there is the wos.exe file that you need to run to start the server. Also, place your website files in the folder www within the wosportable folder–then on your PC type “localhost/yoursitefolder” with the name of the folder in www you put your site files in and it will appear in your web browser. If you place the files in the root of the www folder then just type “localhost” to get there.
Now you can play around with anything you want without blowing something up live.
Little Tips 3: AJAX Can be More Haxxed
In the rush to add fun effects to our sites through JavaScript and other programming tricks, it’s important to know just how this affects the overall security of your site and server. Most people don’t realize that while JavaScript allows fun stuff like Windows-style effects (lightbox on images, drag and drop stuff, areas opening and closing on your site without a page reload, etc.), this same functionality also gives the user more power and ability to alter how your site works. Allowing the web browser to do programming-level actions means that the end user, i.e. the hacker, now has more information about how your site works, since variables and other programming information have to be exchanged between the web browser and the web server. In general JavaScript opens the most holes in security for any website, and the over-reliance on it makes it almost impossible to be totally secure. Nasty things like Cross Site Scripting (XSS) attacks, and other methods to grab cookie or session authentication data, all occur due to the loose way that JavaScript was designed. (This is usually how hackers get your admin login or are able to log into your admin area.)
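As an added illustration (not code from the original post), here is how a server can handle an AJAX call while treating everything the browser sends as untrusted: privilege comes from the server-side session, echoed text is HTML-escaped, and the session cookie is marked HttpOnly so page scripts cannot read it. The function names, the session store and the sample request are all constructed for this example.

```javascript
// Added example: names and sample data are constructed for illustration.
const crypto = require('crypto');

// Server-side session store: the role lives here, never in the request body.
const SESSIONS = new Map();

function newSession(user, role) {
  const id = crypto.randomBytes(16).toString('hex');
  SESSIONS.set(id, { user, role });
  return id;
}

// HttpOnly keeps the session id out of reach of document.cookie, so an
// injected script cannot read it; Secure and SameSite narrow exposure further.
function sessionCookie(id) {
  return `sid=${id}; HttpOnly; Secure; SameSite=Strict; Path=/`;
}

// Encode the five HTML-significant characters before echoing user text.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Handle an AJAX "post comment" call. Everything in `body` is user-controlled,
// including fields the page's own script would never send.
function handleCommentAjax(sid, body) {
  const session = SESSIONS.get(sid);
  if (!session) return { status: 401, html: '' };
  const text = body ? body.comment : undefined;
  if (typeof text !== 'string' || text.length === 0 || text.length > 500) {
    return { status: 400, html: '' };
  }
  // Identity and privilege come from the session, not body.user / body.isAdmin.
  const badge = session.role === 'admin' ? ' (admin)' : '';
  const html = `<li><b>${escapeHtml(session.user)}${badge}</b>: ${escapeHtml(text)}</li>`;
  return { status: 200, html };
}

// Constructed request: a tampered payload claiming admin and carrying markup.
const demoSid = newSession('alice', 'subscriber');
console.log(sessionCookie(demoSid));
console.log(handleCommentAjax(demoSid, {
  comment: '<script>alert(1)</script>', user: 'root', isAdmin: true,
}));
```

The tampered `user` and `isAdmin` fields are ignored, and the markup in the comment comes back as inert text rather than as a script element.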
So remember next time that you really want some flashy effects for your site–ask yourself, is this functional or just an effect? Remember, in 1997 flashing text was considered really cool, as was scrolling text… do they seem so cool now? The content is really what has value–flashy stuff may seem crappy later and only makes it more likely that you see “I Haxored J00” at the top of your website.
For some more reading on this subject check out Ars Technica.
WordPress 2.2.2 and 2.0.11 released
WordPress has released updates to both its 2.0 and 2.2 branches. These are regular bugfix/security updates and do not (so they claim) affect any plugin or theme functionality–so they should be an easy upgrade by simply overwriting your files with the new ones. As with any security upgrade releases, it’s really a good idea to upgrade as soon as you can. You can download the updates from the main WordPress.org website.
(UPDATED) Off the Tracks
It always seems like this, when you want to get back into the swing of things you come down with the Flu. I’m in bed and will probably be so for a few days so please keep that in mind if you send support requests or post in the support forums. I’ll try to answer things as soon as I can, but it sucks to be too weak to really move even the mouse well :(
UPDATE: I’m back from the hospital, yeah it got that bad. Pneumonia + 104 fever = 5 hours of IV drip fun. Obviously I will be totally in bed for a few days– I’ll try to answer general questions and such but anything advanced won’t be happening until next week.
Thank you for your patience.
Geeks Blogging Tips Part 1 and 2
The Geeks.com website hosts a ton of hardware and software tips and tutorials, which is a neat bonus in addition to their tech sales items. They just posted a 2 part series on blogging software which may benefit some of you who are looking for some software or ideas on what to do with your site.
Part 1:
http://www.geeks.com/techtips/2007/techtips-22JUL07.htm
Part 2:
http://www.geeks.com/techtips/2007/techtips-29JUL07.htm