| Re: newbie question [message #172927 is a reply to message #172923] |
Sat, 12 March 2011 03:22   |
Jerry Stuckle
Messages: 2598
Registered: September 2010
Karma:
|
Senior Member |
|
|
On 3/11/2011 8:58 PM, Twayne wrote:
> In news:ilehhp$fem$1(at)news(dot)eternal-september(dot)org,
> Jerry Stuckle<jstucklex(at)attglobal(dot)net> typed:
> :: On 3/11/2011 7:17 PM, Robert Crandal wrote:
> ::: I want to build a website that allows users to create
> ::: their own profile accounts, kind of similar to Myspace or
> ::: any other website. So, users will be able to create their
> ::: own passwords, then login and manage their profile, then
> ::: logout when done.
> :::
> ::: My questions are, what sort of programming languages or
> ::: web skills do I need to learn in order to develop
> ::: something like this? Is the source code typically complex
> ::: for something like this? Is there any sample source code
> ::: which shows how to create and manage the accounts of
> ::: hundreds of website visitors? Is CGI or PHP involved
> ::: in this process?
> :::
> ::: Thank you, I really would like to know more about this
> ::: subject. Right now, all I know is HTML, CSS and
> ::: Javascript, but it seems like I'm missing further skills
> ::: to be able to create a website which offers user logins,
> ::: or shopping carts, and other complex features.
> :::
> ::: Robert Crandal.
> :::
> :::
> ::
> :: You will need some type of server-side language, such as
> :: PHP, Perl, Python, Ruby on Rails or any of a dozen others.
> :: You will also probably want a database, so you'll need to
> :: learn SQL and a database such as MySQL.
> ::
> :: Source code can be as easy or complex as you want to make
> :: it. And you really don't worry about managing "hundreds
> :: of visitors" - you are only dealing with one at a time.
> :: Let the tools such as the database take
> :: care of the rest.
> ::
> :: But you also have to be VERY CAREFUL. There are any
> :: number of ways hackers can break into your site unless you
> :: know *exactly* what you're doing. For example, Google
> :: "SQL Injection".
> ::
> :: The most important thing to remember is NEVER trust
> :: anything from the user. ALWAYS verify EVERYTHING, even
> :: data from forms you sent.
> ::
> :: Since you have no experience in server-side programming, I
> :: would recommend you get one of the CMS's which will do
> :: much of that for you. There are any number around (but
> :: discussions/recommendations for which
> :: to use is beyond the scope of this newsgroup).
> ::
> :: --
> :: ==================
> :: Remove the "x" from my email address
> :: Jerry Stuckle
> :: JDS Computer Training Corp.
> :: jstucklex(at)attglobal(dot)net
> :: ==================
>
> True, there are many CMS's around, but I haven't seen any of the freebies
> I've looked at that carried much in the way of Security and Protection code.
> Some will use an almost impossible to read Captcha code, but even then
> doesn't provide a lot of protection compared to what one really needs or
> wants. While there is no such thing as a 100% "protected" site, all one can
> do is come as close to that as they can. CMS's I've looked at don't provde
> much more than NOF does in that manner, although 12 claims to have improved
> it. I'd have to see it to believe it though.
First of all, CAPTCHA has NOTHING to do with security.
And you need to look again. The Open Source CMS's have really improved
their security.
> Javascript is another set of holes, depending on where/how it's used and
> I avoid it as much as possible in any kind of user input; it's too easily
> hackable plus not everyone uses javascript, so you also have to make sure
> things still work without it.
>
Javascript has its uses, and is very good in its place. I use it where
appropriate.
> I would recommend a good research job on Security and Protection of Input
> code of any kind and a little practice wtih it. w3schools.com and php.net
> are two excellent starting points with excellent information on the "why" of
> all their recommendations and loads of information for further searches.
Neither site has very much in input security. Heck - even Wikipedia has
a better discussion of SQL Injection than either of these sites.
> Often, an ISP will also offer such things; does yours?
No ISP offers protection for user scripts.
> Personally I use PHP, but as another suggested, other languages are just
> as good; the use of server-side code keeps the code from the eyes of the
> guys that look at the Source Code wit their browser, at least, and from
> anyone if done properly. I use the cgi-bin for hiding important files I
> don't want looked at by anyone that gets in without usernames and passwords.
cgi-bin does nothing to help you. There are much better ways of doing
this (like placing the files completely outside the web server's
directory hierarchy).
> You'll want a good wysiwyg html editor of some sort. The offerings range
> from the free NVU to Dreamweaver and my favorite, Fusion right now, although
> their official support no longer exists and there is no company support for
> it that's much good yet. There are excellent newsgroups available though.
> Just my opinion. It's also about $200 per seat, so not free by any means. I
> guess it depends on how involved you want to get with your web sites. NOF-11
> has been the standard version and I see NOF12 is finally out, but I haven't
> checked to see whether it's buggy or not. It could be, since NetObjects is
> the only selling the product, but they long ago sold it to some mystery
> company that turned around and resold it, if comments on this newsgroup are
> accurate. If possble, I'd try to wait and watch the group comments on the
> product before I spent money of NOF-12 since it wasn't created by the
> original creators of NOF (Netobjects Fusion, which it isn't any longer,
> apparently).
>
Worst advice ever. I have yet to see a WYSIWYG editor which produces
even half-assed code. Most are much worse.
I can tell in about 0.02 seconds when someone has used one - and EVERY
site I've worked on where one has to be used requires major cleanup.
> Just my opinions; ymmv of course.
>
> Twayne1
>
>
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex(at)attglobal(dot)net
==================
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]