iweb and security? how secure are the sites?

Discussion in 'Web Design and Development' started by w...b, Jan 15, 2009.

  1. w...b macrumors regular

    Joined:
    Jul 14, 2008
    #1
    Well i am creating a site for my business and i want to know how secure the site is for.
     
  2. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #2
    iWeb itself is secure. It only creates static HTML and some basic JavaScript. If you're own MobileMe, that has no server side scripting that may be manipulated by hackers. So, unless you create some bad JavaScript, an iWeb site should be secure, at least as far as MobileMe is secure.

    It also depends on what you're trying to keep secure. iWeb is a poor platform for a business (e-commerce) web site. You can't set anything up professional to handle customers buying anything on it if that's what you're looking into.
     
  3. theappleguy macrumors 6502

    Joined:
    Apr 19, 2005
    #3
    Security would depend mainly on your web host rather than the software used to create the site (as it is only static HTML being exported).
     
  4. SrWebDeveloper macrumors 68000

    SrWebDeveloper

    Joined:
    Dec 7, 2007
    Location:
    Alexandria, VA, USA
    #4
    I'm going to answer this in a different way.

    iWeb is very insecure when it comes to ONE very important and common component of basic web development:

    FORMS

    Because even though there is no server side scripting nor is there encryption of any kind on Apple hosted iWeb sites, no form created with the tool is secure. Yes, it's true most iWeb sites are static. Yes, it's true iWeb has not form wizard, so it takes extra effort involving the web widget and pasting HTML into the snippet box. Yes, it's true if you upload it to a third party host then it depends on the resources there.

    But for people who don't know all that and simply use the basic iWeb and add in basic forms they got off the Internet to send submitted data to third parties without server side processing (which is possible, here's an example using Google docs) -- this could be very insecure depending on the data being sent. Too easy for abuse to occur, is my point.

    I don't blame this on Apple or suggest using any form is bad. I'm just saying its far too easy for abuse and I'll bet alot of you are surprised you can do a form submit with the basic product on Apple's own servers.

    This is just an example of why security is really all about context of use as well as the developer's preparedness and knowledge of security protocols, not just the technology or platform.

    -jim
     
  5. yoink macrumors member

    yoink

    Joined:
    Feb 17, 2008
    Location:
    Montreal, Quebec
    #5
    Retracted: i was talking about how awful iweb.com's security was.
     
  6. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #6
    What vulnerabilities are you talking about? iWeb just creates static pages unless you're adding extra dynamic content, but that wouldn't be iWeb's fault if that code is insecure. I'm not sure you're talking about the same iWeb as this thread is. It sounds more like you're talking about MobileMe.
     
  7. eleven2brett macrumors regular

    Joined:
    Oct 20, 2008
    Location:
    H-Town
    #7
    Yeah, that sounds like iweb the webhost.
     

Share This Page