
Category Archives: Website Administration




Little Tips 3: AJAX Can be More Haxxed

In the rush to add fun effects to our sites through JavaScript and other programming tricks, it’s important to know just how this affects the overall security of your site and server. Most people don’t realize that while JavaScript allows fun stuff like Windows-style effects (lightbox on images, drag and drop, areas opening and closing on your site without a page reload, etc.), this same functionality also gives the user more power and ability to alter how your site works. Allowing the web browser to do programming-level actions means that the end user, i.e. a hacker, now has more information about how your site works, since variables and other programming information have to be exchanged between the web browser and the web server. In general JavaScript opens the most holes in security for any website, and overreliance on it makes it almost impossible to be totally secure. Nasty things like Cross-Site Scripting (XSS) attacks, and other methods of grabbing cookie or session authentication data, all occur due to the loose way that JavaScript was designed. (This is usually how hackers get your admin login or are able to log into your admin area.)

So remember, next time you really want some flashy effects for your site, ask yourself: is this functional or just an effect? Remember, in 1997 flashing text was considered really cool, as was scrolling text... do they seem so cool now? The content is really what has value. Flashy stuff may seem crappy later and only make it more likely that you see “I Haxored J00” at the top of your website.

For some more reading on this subject, check out Ars Technica.
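
As an added illustration of the point above (not code from the original post), here is a sketch of server-side handling for an AJAX call that treats everything the browser sends as untrusted. The handler name, session store and field names are hypothetical.

```javascript
// Added example: every value in an AJAX request is user-controlled, because
// the user can edit the page's script or craft the request by hand.
// All names here (handleCommentPost, sessions, ...) are hypothetical.

// Server-side session store: the only trusted source of identity and role.
const sessions = new Map([
  ['s-admin', { user: 'alice', role: 'admin' }],      // constructed sample data
  ['s-guest', { user: 'bob', role: 'subscriber' }],
]);

// Encode text for an HTML body context so injected markup is shown, not run.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Session cookie that page script cannot read (HttpOnly), which limits what
// an XSS payload can steal; Secure and SameSite narrow where it is sent.
function sessionCookie(sessionId) {
  return `sid=${encodeURIComponent(sessionId)}; HttpOnly; Secure; SameSite=Lax; Path=/`;
}

// Handle an AJAX "post comment" call. `body` is the parsed request body.
function handleCommentPost(sessionId, body) {
  const session = sessions.get(sessionId);
  if (!session) return { status: 401, error: 'not logged in' };

  // Client-sent identity or role fields are ignored; the session decides.
  const wantsPin = body.pinned === true;
  if (wantsPin && session.role !== 'admin') {
    return { status: 403, error: 'only admins may pin comments' };
  }
  if (typeof body.text !== 'string' || body.text.length === 0 || body.text.length > 500) {
    return { status: 400, error: 'invalid comment text' };
  }
  return {
    status: 200,
    author: session.user,                 // never body.author
    pinned: wantsPin,
    html: `<p>${escapeHtml(body.text)}</p>`,
  };
}
```

The checks live on the server because any check done only in browser JavaScript can be skipped by the person running that browser.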

WordPress 2.2.2 and 2.0.11 released

WordPress has released updates to both its 2.0 and 2.2 branches. These are regular bugfix/security updates and do not (so they claim) affect any plugin or theme functionality, so they should be an easy upgrade by simply overwriting your files with the new ones. As with any security upgrade release, it’s really a good idea to upgrade as soon as you can. You can download the updates from the main WordPress.org website.

The Legal Issues of Website Publishing

While I tend to focus on the design side of website publishing here at AWSOM.org, there is another major side to the act of creating a website: the legal side. It’s probably true that most people will never run into a major legal hassle running their website, especially if you are an artist or comic creator and simply want to post your work online (assuming you aren’t actually stealing anyone else’s work!). There are times, though, when you might feel like speaking out on a subject that might be controversial, or mention an experience you had with a product or person that was negative. Now you’re suddenly in an area where you may really need to know your legal rights to what you can, and most importantly can’t, say in a protected manner.

This is where the following link comes in: http://www.eff.org/bloggers/lg/.

The above link is to an excellent information page maintained by the Electronic Frontier Foundation, which, if you’ve never heard of them, is a group of people fighting to keep technology and the internet free of unnecessary legal restrictions (i.e. to maintain free speech and the like). Reading the above page will give you a good idea of what you can and can’t say, and what is and isn’t protected speech. The EFF are a good group and have excellent legal advice, and are willing to hear from you if you are ever in a situation where they might be able to provide assistance in legal and court-related matters.

I can’t stress enough that knowing your legal rights is important. Know your rights BEFORE you get hit with a cease and desist letter.

Web Page Analyzer website

Here’s another web-based tool that might give you some interesting information about your website. Websiteoptimization.com hosts a tool (the Web Page Analyzer) that will tell you a great deal about how your website loads, in terms of how fast it loads and how many page elements are being loaded. It’s always good to know how other people will experience your site’s performance.

I would caution not to get too wrapped up in some of their suggestions, though. With the conversion of a large percentage of the world to some form of broadband, not every little element of your page needs to be optimized for speed. It’s still good to get an outside view of the situation; sometimes you may not realize how many things are really a part of your site.

How To: Test Your Site On Your Own PC

I can’t stress strongly enough the need for testing a new or updated website before it goes live. This is true with WordPress or any other method of setting up a website. The problem I hear the most in regard to this, though, is that most people don’t know how to set up a non-live version of their site (as in not visible on the internet and open to anyone going to it) to do the testing, usually on their own PC. Well, Mac users really have no excuse, since being based on Linux it has a web server built into the regular OS; all you need to do is go to your preferences area and enable it (I won’t bother explaining how to do this, there are millions of sites on Google that will do that for you).

For Windows users it has traditionally been a whole lot harder. Windows doesn’t really have any support for doing web server services built into it, and in most cases actively makes it hard to get this working. It’s also not really a great idea (in my opinion) to utilize the Windows server system of web services (known as IIS) even if you could, since they are really not that great, and most of the world still uses Linux style web services (known as Apache).

So what are Windows users able to use? Luckily a group of people realized this lack and built their own pseudo-Linux style web services install for Windows called XAMPP. The group is called the Apache Friends and they actually have setups for pretty much every platform also. On Windows the web server package is a simple .exe file that you download and install. At first it might seem a little daunting, but it’s really pretty easy once you get it installed. Instead of going to a “real” web page in your web browser, you go to “localhost”, with everything else a branch off of that (so it’s like localhost/mywebsite/). Read their setup instructions and you should be able to figure out where to put your WordPress files.

For the novice the best usage of this environment is to tweak your WordPress themes or try out plugins. Once you finish with these files you can simply copy them to your live web server.
