Security Considerations for Website Developers
- Which OS Should You Look For?
- What Is the Web Host's Reputation?
- User Permissions
- How and When Do I Set Up SSL?
- What Is a CA Certificate?
Although the system admin or security admin has the overall responsibility for site and network security, a website developer must do certain things to make it possible for admins to secure the system. (Of course, you, as the developer, might also be the admin.)
The most important task is choosing a good web hosting provider. We look at the most important things to keep in mind here: the operating system, the site's reputation, user permissions, and SSL and certificates.
Which OS Should You Look For?
For starters, look for a *nix OS:
Why not Windows? Consider this statement from Brian Valentine, senior vice president of Microsoft Corporation:
"We really haven't done everything we could to protect our customers. ... Our products just aren't engineered for security." (See http://archive.infoworld.com/articles/hn/xml/02/09/05/020905hnmssecure.xml.)
There isn't enough space in this article to discuss the known security problems with Windows/IIS. If you're interested in this topic, I recommend searching on Google.
Of course, it is possible to run a secure Windows server installation, just as it is possible to run an insecure *nix installation. But choosing a *nix hosting service shifts the security odds in your favor.
You can find out what kind of OS a web host runs and other web hosting service information at host-search sites such as http://www.hostsearch.com, which also provides site user reviews.