Continuing with my theme on building a sense of community among your Web site's visitors, I think it is necessary to discuss how you deal with the miscreants in the crowd. Every community has them, and the Internet is no exception. These are the people who feel that those who are generous enough to give them free access to on-line resources deserve to be taken advantage of.
Here's an example. In the old days, it was pretty common to share a folder on the Web through "anonymous FTP." A visitor could share files with other visitors by uploading it to the shared folder. Now, allowing anonymous visitors to write files to your Web server is suicide. There are opportunists out there who troll the Web for servers with this vulnerability, and then they upload gigabytes and gigabytes of junk. I've seen it happen to two of my customers, and the files can be very difficult to remove once they are in place, due to some clever file naming strategies.
If you have used a public bulletin board or newsgroup, perhaps at your favorite portal site, you've probably had to waste your time wading through endless defamatory, rude, and bigoted diatribes posted by loonies who use the service as their personal soapbox. After a while, you get a few of these folks "yelling" at each other on-line, and the bulletin board becomes too irritating to use. Most portal sites have had to adopt a registration requirement so they can control who has access to the service and cut off participants who become obnoxious.
These are just some examples of how making an on-line resource freely available to the public can have serious side effects. If this kind of thing happens on your site, it can damage your company's image and drive customers away.
The only way to avoid these problems is to make sure that the public is never allowed to provide content that appears directly on your Web site. The most common way to restrict access is to put all facilities that accept visitor input behind a login screen. You then give your customers a login name and password that gives them access to the restricted areas. When they visit your site, they must log in before they can use the protected facilities. Although this approach makes more work for you and your visitors, it can make the customer feel more special, and you can rest a little easier knowing that Theodore Kaczynski can't post his manifesto to your Web site without your knowledge.
For even more control, you can let registered users post information, but not allow the information to appear on your site until you review it and accept it. For a business Web site, it usually isn't necessary to go to this extreme because your visitors are your customers. They have their own image to protect as well as a business relationship with you that presumably is valuable to them. You don't bite the hand that gives you free access to support on the Web!
For the most part, you implement Web site security measures to deal with Internet vandals, not genuine visitors. But as long as the vandals are out there, you must be prepared to protect your site from them. |
