Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
iweb and security? how secure are the sites?
- Thread starter w...b
- Start date
- Sort by reaction score
iWeb itself is secure. It only creates static HTML and some basic JavaScript. If you're own MobileMe, that has no server side scripting that may be manipulated by hackers. So, unless you create some bad JavaScript, an iWeb site should be secure, at least as far as MobileMe is secure.
It also depends on what you're trying to keep secure. iWeb is a poor platform for a business (e-commerce) web site. You can't set anything up professional to handle customers buying anything on it if that's what you're looking into.
It also depends on what you're trying to keep secure. iWeb is a poor platform for a business (e-commerce) web site. You can't set anything up professional to handle customers buying anything on it if that's what you're looking into.
Security would depend mainly on your web host rather than the software used to create the site (as it is only static HTML being exported).
I'm going to answer this in a different way.
iWeb is very insecure when it comes to ONE very important and common component of basic web development:
FORMS
Because even though there is no server side scripting nor is there encryption of any kind on Apple hosted iWeb sites, no form created with the tool is secure. Yes, it's true most iWeb sites are static. Yes, it's true iWeb has not form wizard, so it takes extra effort involving the web widget and pasting HTML into the snippet box. Yes, it's true if you upload it to a third party host then it depends on the resources there.
But for people who don't know all that and simply use the basic iWeb and add in basic forms they got off the Internet to send submitted data to third parties without server side processing (which is possible, here's an example using Google docs) -- this could be very insecure depending on the data being sent. Too easy for abuse to occur, is my point.
I don't blame this on Apple or suggest using any form is bad. I'm just saying its far too easy for abuse and I'll bet alot of you are surprised you can do a form submit with the basic product on Apple's own servers.
This is just an example of why security is really all about context of use as well as the developer's preparedness and knowledge of security protocols, not just the technology or platform.
-jim
iWeb is very insecure when it comes to ONE very important and common component of basic web development:
FORMS
Because even though there is no server side scripting nor is there encryption of any kind on Apple hosted iWeb sites, no form created with the tool is secure. Yes, it's true most iWeb sites are static. Yes, it's true iWeb has not form wizard, so it takes extra effort involving the web widget and pasting HTML into the snippet box. Yes, it's true if you upload it to a third party host then it depends on the resources there.
But for people who don't know all that and simply use the basic iWeb and add in basic forms they got off the Internet to send submitted data to third parties without server side processing (which is possible, here's an example using Google docs) -- this could be very insecure depending on the data being sent. Too easy for abuse to occur, is my point.
I don't blame this on Apple or suggest using any form is bad. I'm just saying its far too easy for abuse and I'll bet alot of you are surprised you can do a form submit with the basic product on Apple's own servers.
This is just an example of why security is really all about context of use as well as the developer's preparedness and knowledge of security protocols, not just the technology or platform.
-jim
What vulnerabilities are you talking about? iWeb just creates static pages unless you're adding extra dynamic content, but that wouldn't be iWeb's fault if that code is insecure. I'm not sure you're talking about the same iWeb as this thread is. It sounds more like you're talking about MobileMe.