Resources
Open source site security...
In general, hackers are looking for simple exploits that they can run across a large number of sites. They write scripts that attempt to inject code on thousands of sites and find the few that are vulnerable. The reality is that if a talented hacker wanted to expose a vulnerability in your site, they could. As with door locks (which are easily picked), our goal is to discourage this by not leaving the door wide open.
From what we've seen, the largest vulnerabilities in open source sites come from poorly developed add-ons. This happens quite frequently because the user base is so large, and many of the people contributing to add-on libraries aren't following coding best practices. At Floodlight we prevent this by developing the majority of the extensions we use in-house. While we do use a handful of open-source plugins/modules/components, we have fully vetted their security and keep an eye on updated releases.
Another exploit that we've seen used is breaking into an admin area simply via the login page. Various issues with forgot-password functionality and overly simple passwords make this a point of vulnerability. On sites where we are concerned about this, we've implemented server-level logins and query string requirements that prevent unauthorized users from even accessing the page.
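The two controls described above, sketched as an Apache 2.4 virtual-host fragment. This is an added example, not Floodlight's configuration: the `/administrator` path, file locations, host name, `gate` parameter, cookie name and token are constructed placeholders, and the marker cookie is an assumption so that requests after the first do not need the parameter.

```apache
# Added example (assumes mod_rewrite, mod_ssl and mod_auth_basic are loaded).
# All paths, names and the token are placeholders to replace per site.

# --- 1) Query string requirement -------------------------------------------
# In virtual-host context mod_rewrite runs before authentication, so a
# request without the gate never reaches the password prompt or the CMS.
RewriteEngine On

# A request that carries the expected parameter is let through and receives
# a session cookie, so later admin requests (form posts, assets) also pass.
RewriteCond %{REQUEST_URI} ^/administrator(/|$)
RewriteCond %{QUERY_STRING} (^|&)gate=REPLACE_WITH_LONG_RANDOM_TOKEN(&|$)
RewriteRule ^ - [CO=admin_gate:REPLACE_WITH_LONG_RANDOM_TOKEN:www.example.com:0:/administrator:secure:httponly,L]

# Any other admin request without the cookie gets a plain 404, which is
# what an automated scanner sees for a page that does not exist.
RewriteCond %{REQUEST_URI} ^/administrator(/|$)
RewriteCond %{HTTP_COOKIE} !(^|;\s*)admin_gate=REPLACE_WITH_LONG_RANDOM_TOKEN(;|$)
RewriteRule ^ - [R=404,L]

# --- 2) Server-level login --------------------------------------------------
# The web server demands its own credentials before any CMS code runs, so a
# weak CMS password or a forgot-password flaw is not directly reachable.
<Location "/administrator">
    AuthType Basic
    AuthName "Restricted"
    # Create the file with bcrypt hashes: htpasswd -B -c <file> <user>
    AuthUserFile "/etc/apache2/admin.htpasswd"
    <RequireAll>
        # Basic auth sends the password on every request: allow it over TLS only.
        Require ssl
        Require valid-user
    </RequireAll>
</Location>
```

The query-string token ends up in access logs and browser history, so it only filters out bulk scanning; the server-level login and the CMS password remain the actual authentication.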
Even after eliminating these significant vulnerabilities, we always plan for the worst. We perform nightly, offsite backups of all our sites and keep them for 6 months. This allows us to easily restore the site if disaster hits.




