On 2016-04-26 10:03, Rubén Llorente wrote:
On Tue, 26 Apr 2016 06:15:22 +0000, David Lou wrote:
When I say 'blog', I'm referring to a website that contains essentially
many pages of content. Each content page has attributes such as title,
date, category, tags, and so on. When a user browses this website, the
content pages are served in a visually attractive layout, with possible
bells and whistles such as Facebook/Twitter share buttons, and comment
sections. Additional features may include a search bar and an archive
page.
I'm shying away from popular solutions such as WordPress because (1) I'm
not sure if it even installs on OpenBSD and more importantly (2) I'm not
convinced that it adheres to the OpenBSD principles of correctness and
proactive security.
Hello, and welcome.
A static website generator is a safe bet. You can use bashblog or any
similar alternative, for example. Bashblog can be seen in action at
http://www.richard-falken.com
Bashblog might need some hacking in the code in order to include social
media buttons, but the CSS is easy enough to configure. No native comment
services exist, but it can integrate with external ones.
For the record, I don't like commentary mechanisms that work as an
external service to your website. In fact, I would not care for a
commentary mechanism unless you really needed it. A commentary mechanism
forces you to deploy anti-spam defenses, to police against trolls and is
one of those things that don't let you stop worrying about the
administrative aspects of running a website.
Regards.
I wanted to second this because it's such a good idea. Static site
generation can turn even WordPress from a terrifying disaster into a
secure site since you're only serving HTML/CSS/images.
If you want to make a dynamic "web application" then consider using
Ur/Web [1]. The programming language itself protects against SQL
injection, XSS attacks, and CSRF attacks.
String-based scripting languages like {node, php, python, perl, ruby}
have added on frameworks that try to 'prepare' SQL queries or template
HTML to get it to do the various different levels of quoting for you.
It's possible to make secure sites in them if you do everything right.
Problems still slip through.
That's why I recommend a programming language designed to remove these
issues entirely by parsing and understanding the sublanguages involved
in making a website (instead of having them as strings in your code).
[1] http://www.impredicative.com/ur/
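
Added example, not part of the thread and not Ur/Web code: the contrast drawn in the last message, imitated in Python for a blog comment store. The `Html` wrapper, `text`, `tag`, the `comments` table and the sample comment are hypothetical names and constructed data; only the standard `sqlite3` and `html` modules are used.

```python
import html
import sqlite3

class Html:
    """Markup that is already safe to emit; built only by text() and tag()."""
    def __init__(self, markup: str):
        self.markup = markup

def text(s: str) -> Html:
    # Untrusted strings enter the HTML sublanguage only through escaping.
    return Html(html.escape(s, quote=True))

def tag(name: str, *children: Html) -> Html:
    # 'name' is developer-supplied. Children must already be Html, so a raw
    # str is rejected here instead of relying on someone quoting it later.
    for child in children:
        if not isinstance(child, Html):
            raise TypeError("raw str passed where Html is required")
    inner = "".join(child.markup for child in children)
    return Html(f"<{name}>{inner}</{name}>")

def open_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments (author TEXT, body TEXT)")
    return db

def add_comment_concat(db, author: str, body: str) -> None:
    # String-built SQL: the values become part of the query text itself.
    db.execute(f"INSERT INTO comments VALUES ('{author}', '{body}')")

def add_comment_bound(db, author: str, body: str) -> None:
    # Bound parameters: the values never pass through the SQL parser.
    db.execute("INSERT INTO comments VALUES (?, ?)", (author, body))

def render(db) -> str:
    rows = db.execute("SELECT author, body FROM comments ORDER BY rowid")
    items = [tag("li", tag("b", text(a)), text(": " + b)) for a, b in rows]
    return tag("ul", *items).markup

# Constructed sample comment: an apostrophe and markup in user input.
SAMPLE_AUTHOR = "O'Brien"
SAMPLE_BODY = "<script>alert(1)</script> it's fine"
```

With the sample comment, the concatenated insert fails to parse because the apostrophe ends the SQL string early, while the bound insert stores the text unchanged and `render` emits it as inert escaped text.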