So you’re looking to get a website built and you’re worried about security. Well, now’s the time to look at how you’d like to get that website built, because many of the basic website-building languages have varying levels of security available. Now this article is not here to discuss the details in great depth, but it will give you a basic overview of some of the basic ideas around security and how the different languages handle them.
From a security perspective, size isn’t as important as the data that you’re trying to protect. For example, if you’re creating an online banking service or stock exchange service, then security is of the highest importance, and you’re going to want to use a language like Java. Java can provide you with a service layer – one that acts like a gatekeeper to your database to protect it from being accessed by people or processes that should not be able to access it.
However, if you’re planning to have a blog, or small online store that uses third-party hosted service for payments, your security is still important to protect your orders, your inventory and that kind of information, but credit cards and customer confidential information is maintained by an off-site payment collection facility (such as PayPal). These types of sites are commonly created with development tools like PHP/ASP or Perl, and often use prepackaged applications to start with like WordPress or Drupal.
Understand that these two examples are extreme cases on opposite ends of the website-development spectrum. Most likely, the site that you’re getting built will fall somewhere between a very simple blog and a banking application that handles checking accounts, savings accounts and financial information. It is very important to make sure that you sit down early on with your developer and understand the different levels of security that are offered by the development tools that he plans to use. It’s also beneficial to make sure he’s aware of any future changes or enhancements that you’re looking to make so that he can make sure that not only your current needs for security are taking care of, but also your future needs can be handled without an entire rewrite of your new website.
The basic concept of security, when it comes to web development, is a cost-risk benefit. In other words, when you get into the more complex and secure languages like Java, your development costs are going to be higher. When you’re working with some of the less complicated languages like PHP, your costs are less because the language is less complicated and security requirements are much more relaxed. Do please keep in mind that this does not mean that these languages are not secure, they just have limitations, and you’re going to have to weigh the additional cost versus the benefit or risk that would be provided by using one of them.