Research before buying web software – script security is important

We spend a good deal of time researching software before we buy it, and even then we are at time disappointed with purchases we had hoped would make web sites function better. Whether it’s server side software for web site addons, or complete web site scripts, take the time to research the piece of software and the company behind it before you try it.

Over the years we have considered hundreds of scripts and programs, a few of those have proven to be excellent choices, but many are half baked, don’t do everything you want them to, or even worse, leave huge hacker / security vulnerabilities for you, and perhaps the other web sites hosted on your web server. Our most recent consideration is one of those, if the price and features combination seems too good to be true, maybe it is?

We have been looking for new chat programs to launch on as server addons for various client web sites, and integrations with a forums or membership system is a key functionality that has been requested. After on hour of research we determined that there were 4 programs that seemed to be a good fir for our client, so we decided to big deeper and see if we could narrow it down.

It would have been easy to just choose the most expensive and well known solutions, but we try to find options that will save our clients money, and often times not every site needs all the full blown features that the most expensive and well know companies make available. Looking for more affordable options we came across a piece of chat software that seemed to have a ton of features, and a very fair price. Wondering if it was perfect for our client, or too good to be true, we decided to do further research and see what other people were saying at other web sites.

Searching for their program and company name in google brought up tons of results, and most of them were from other places that were offering the program, places like hotscripts and the tons of clones out there, none of these were very helpful as far as finding critiques of the company. After digging a few hundred search results into google, we started finding security vulnerabilities posted at about a dozen sites. That;s red flag number one – but these could all be fixed in a current release – so we had to spend more time to find out.

More research revealed some posts on a forum where a particular user was complaining that it did not work in his current server / software environment and had received no support what so ever from the programs author. Red flag number two, but I looked further, and it appears that the post in question was on a forums that was for a similar, or competing product, so not as trustworthy of a review as we would like.

I will be contacting the author of this script to see id they have been aware and fixed the security issues that have been posted online. I will also be asking for a demo of the product to make sure that it works with the membership system that our client is using. Sure it says that it works with that particular program, but which version? Do ALL features work? Better to find out before purchasing if possible.

Before purchasing scripts, or even using free scripts online it’s best to look around the web and see if you can find and security or support issues with the company. Some web sites to definitely check include:

http://www.us-cert.gov

http://insecure.org/

http://secunia.com/

http://www.securityfocus.com/

http://www.f-secure.com/vulnerabilities/SA32603#

http://www.securitytracker.com/search/search.html

This method of research has saved tons of trouble in previous new business development. Working with clients for a new business plan they were setting everything up based upon a company’s affordable piece of social networking software. It looked good, the demo was decent, the pre sales support was fast. They put their entire business plan around the use of this product. I can’t remember what it was that led us to a bad forum thread about it, but that thread led us to links that found many more horror stories about the company, and then we realized that particular script would not work, and that too-good-to-be-true price and feature combination was indeed, too good to be true.

Lessons learned, even when a demo works and pre sales support is fast, it does not mean that everything will work as you planned, and it does not mean that you will get the support you have expected, and if the program will work as it was advertised.

New online community and local search for TN

We have helped a client develop a new online community and local search portal called Tennessee Seen. It’s just a beta launch as of today, but it is setup to handle lots of great functions for people who live or visit cities in Tennessee.

The initial launch will be focused on indexing dozens of great restaurants, bars, and nightlife in the Nashville metro area. After beta testing we will look to include lots of businesses and events for people to browse, read reviews and comment about each business and event. Options for becoming a fan and leaving feedback will be simple for everyone to add and read. Mobile phone picture uploads and more are also slated to be functional by summer 2010!

This should prove to be a valuable asset to the businesses and events in the Tennessee region, as well as a very useful resource for people who are looking to go out and about in Nashville, Memphis, Knoxville and Chattanooga. A wealth of information is about to be put together for the public and easy to find out whats hot if you live in TN or just planning to visit or move here.

New sites – welcome to the web

There are a few new web sites that we’d like to welcome to the web. We have been impressed with the new web sites being created with the open source blogging software from wordpress. With the various theme options and settings now available such as static front page and such, there are some great web sites being creating that look nothing like the standard default wordpress blog.

New sites like the TBS blog and Danny writes are coming together quickly, from people that just got their web sites started this year. With the themes and customization options available along with a plethora of plugins, people are making great fully functioning web sites with a simple server side script.

We have also been consulting with some web sites using the wordpress backend for multiple blog hosting and are really excited about the social network plugins that are being released for wordpress mu, upcoming social network sites massage groups and others will be pioneering a new generation of easy use, self hosted social networks. We are looking forward to the data portability possibilities and hope that these sites are hugely successful.

We will begin consulting with new clients who want to launch their own hosted social networks as soon as testing and upgrades are completely with our current projects. Look for custom profile and other buddypress themes to be made available from us in the near future as well. Looks like 2009 will be a great new year!