Web Design Security











Larry Neal Gowdy, June 13, 2010, updated March 30, 2016 & January 01, 2017



Just because a technology exists, it doesn't mean that it must be used.

Got bugs?

There are many ways to eliminate pesky bugs, but the chosen method should take into consideration that the remedy might be worse than the problem. Yes, a dangerous bug can be eliminated with a nuclear weapon, but a fly swatter might work just as well, and cleaning up afterwards is so much easier when a fly swatter is used.

I use CSS, HTML, JavaScript, PHP, and everything else that might be a useful tool for a website, but the choice of which tool to use will depend on the intended purpose of the website. If a website design absolutely must have blinking menus, then we might decide between JavaScript and CSS, but if the web design works just as well without flashing thingamabobs, then I will likely choose CSS and static HTML.

If a web design absolutely must have dancing bears and an MP3 of Aunt Mary's rendition of Swan Lake on harp and banjo, then we might choose Adobe Flash® or a combination of animated GIFs and embedded audio players. The final choice of what is used on a website will be largely dictated by what effects are necessary in the site itself.

Just because the technology exists for a website to blink a thousand colors a minute and to have fifty pink hearts follow the mouse pointer across the screen, it does not mean that we must use the technology. Too often the technologies have bugs of their own, and the clean-up can be massive. It is a favored choice to use what works, what accomplishes the intended purpose, and what best prevents future problems.


Choose the right tool for the right reason.

One of the most important future problems to consider is security, or the lack thereof. It is well known that in the past one of the greatest security threats came from viruses within Java and JavaScript (JS) scripts. To help lessen the threat of viruses, many corporations have turned off the ability for their company computers to view Java and JavaScript. What good is a Java/JS-based website that is aimed at corporate audiences if the corporations cannot view Java/JS? The same applies to several other applications, including Flash. When I design a website, the layouts take into consideration not only the appearances and dependability but also the intended audience. If your audience is security conscious, then expect me to advise against the popular but unnecessary scripts unless they are absolutely necessary and only used within a secured envelope.

JavaScript has recently become reasonably useful because the major browsers can now render JS more safely. Newer operating systems like Windows® 8 make good use of JavaScript, and the new Internet Explorer® 10 has Flash built in to help increase security. Nevertheless, a lot of old browser versions are still in use, and Apple® has purposefully chosen to no longer permit Flash compatibility, so each website design must decide which is more important: to use animations that many users cannot view, or to use a static or semi-static website that almost anyone can view. It isn't always an easy choice, especially now that mobile devices have become more popular and are not very compatible with each other.

Security threats exist not only on the user's end but also for the website owner. In recent days a hacker has again attempted to break into one of our hosting accounts, and the hacker would have likely succeeded if we had used some of the popular doodad blinking add-ons that are often found on various websites. We were being hit hundreds to thousands of times a day by would-be hackers on another site that had become nationally popular on search engines, and the only means of eliminating the attacks was to re-secure the coding. A previous customer chose to have an overseas firm help with website updates, and somewhere along the way someone inserted some rather nasty trojans into the customer's website, causing the customer to lose the website entirely.

Criminals do not think the same types of thoughts as honest people think. A favored story of mine is of my installing some rather expensive computerized security equipment for a convalescent home and my jokingly asking a nurse why they needed a security system: "To keep the old folks from escaping?" The nurse explained that the security was necessary because of the medications. For those of us who do not have criminal intent, we may never recognize a security risk until after we have suffered a security breach. I have serviced computerized security systems throughout the panhandle, from small town jails and banks to maximum security state prisons, and the one thing that continues to surprise me is the determination of crooks to steal. A common thief will invest more time and effort into committing a crime than what the thief could have earned at an honest job. There are countless thieves throughout the world who tirelessly work towards breaking into websites so that the crooks can insert viruses and trojans with the aim to make nickels and dimes off of illegitimate ads.

Nothing on the Internet is completely secure, but with a little forethought we can build a website that will very likely live a nice long trouble-free life, and a large percentage of that long life is accomplished by nixing those darn dancing bears.

I want my customers to know that I use specific types of programming for specific reasons, and if I have chosen to avoid unsafe applications in my own websites, then I will recommend that the customers do also. Ask me for more information about current security risks; I am always happy to show a customer why my websites are designed with security and dependability in mind.














Except where noted, this website and all of its contents are copyright©2008-2017 by Larry Neal Gowdy.
All Rights Reserved.