Security: web hosting and development

It’s not too surprising that the web is more complicated than most people realize. Some probably still think that a single server delivers files that are just like any other document.

In reality, the web is made up of an ecosystem of different pieces of hardware and software. Most web pages are delivered with the help of a database and a lot of software to make it appear properly in your browser. After the content is assembled, it is usually cached for future use. The website might sit on a physical server or a virtual server. Busy sites might have many servers distributed in various data centers around the world.

Some static content may be delivered through a Content Delivery Network (CDN). This is a special network of servers where you can store your static content; each file is then served from whichever server will be fastest for the visitor.

Most small organizations just aren’t knowledgeable enough about their website to understand all the inter-related software and services that are involved. And why should they be, unless they are in the business?

It matters when people start thinking about securing their site. Far too often something is forgotten or not fully understood. We find that when people procure their own hosting solutions, they assume that their provider is taking care of upgrades. Usually this isn’t the case. Given the competitive nature of web hosting, generally all you can rely on is reliable power and Internet access.

The Linux kernel occasionally requires security upgrades which only take effect after the server has been restarted. Web servers like Apache and Nginx need to be restarted after some upgrades too. Most organizations would like to have some control over when this happens.
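Both situations can be checked from a shell on the server. The script below is an added example, not part of the original article: it compares the running kernel with the newest one installed, and looks for web server processes that still map libraries that have been replaced on disk. The function names are hypothetical, and the `/lib/modules` layout and the process names `apache2`, `httpd` and `nginx` are assumptions about a typical Linux host.

```shell
#!/bin/sh
# Added example (not from the article): find upgrades that are installed
# on disk but not yet in effect. Paths are parameters so that the checks
# can be pointed at test fixtures.

# Print the highest kernel version with a module tree under $1
# (default /lib/modules). Assumption: directory names are kernel versions.
newest_installed_kernel() {
    ls -1 "${1:-/lib/modules}" 2>/dev/null | sort -V | tail -n 1
}

# Succeed when running kernel $1 is not the newest one installed under $2,
# i.e. a kernel upgrade is still waiting for a reboot.
kernel_reboot_pending() {
    running=$1
    newest=$(newest_installed_kernel "$2")
    [ -n "$newest" ] && [ "$running" != "$newest" ]
}

# Print shared libraries that a process still maps although the file was
# replaced on disk. $1 is a file in /proc/<pid>/maps format.
stale_libraries() {
    awk '$NF == "(deleted)" && $(NF-1) ~ /\.so(\.|$)/ { print $(NF-1) }' "$1" |
        sort -u
}

# Succeed when the process behind maps file $1 needs a restart.
service_restart_pending() {
    [ -n "$(stale_libraries "$1")" ]
}

# Report for this host. Reading other users' maps files needs root.
report() {
    if kernel_reboot_pending "$(uname -r)"; then
        echo "kernel: reboot pending, newest is $(newest_installed_kernel)"
    fi
    for pid in $(pgrep -x 'apache2|httpd|nginx' 2>/dev/null); do
        if service_restart_pending "/proc/$pid/maps" 2>/dev/null; then
            echo "pid $pid: restart pending, maps replaced libraries"
        fi
    done
}

if [ "${1:-}" = "--report" ]; then report; fi
```

Run it with `--report` as root after applying updates. The kernel comparison is a heuristic, since a module tree can remain on disk for a kernel that is not the one configured to boot.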

Sometimes updates have impacts on other pieces of the infrastructure. Countless websites have gone down because an upgrade was done on the server which impacted the sites which were hosted on it. With evolving languages like PHP, it is not unusual for functions to change names, have their functionality modified, or be deprecated and removed between releases.

Likewise, upgrades to CMSs sometimes fail because they require more up-to-date versions of code on the server. For example, the performance improvements in PHP 7 are considerable. A lot of people will want to move to the latest code base for that reason alone, but don’t expect to be able to run your Drupal 7 site on it just yet.

Web hosting and application development are different fields, and one cannot simply outsource security upgrades for someone else to do. No web hosting company can “take care” of your server security in isolation from the application that is running on it. Ultimately, someone familiar with your website and its content needs to be involved in performing security upgrades.

Make sure you know what software you are using to deliver your website and keep it up-to-date. The need for organizations to understand security has never been higher.

Mike Gifford
Mike Gifford is the founder of OpenConcept Consulting Inc, which he started in 1999. Since then, he has been particularly active in developing and extending open source content management systems to allow people to get closer to their content. Before starting OpenConcept, Mike had worked for a number of national NGOs including Oxfam Canada and Friends of the Earth. As a techie at heart, Mike likes to get into the code when he gets the chance. Being ultimately concerned about the implementation and implications of the technology, he is able to envision how your website can become a much more powerful communications tool for your organization. Mike has been involved with accessibility issues since the early 1990s and is a strong advocate for standards-based design.
