Welcome, Hackers!
May 10, 2012 6:01 AM Subscribe
Does including a "welcome to my website" statement on your homepage invite or legitimize hackers?
Several people in the IT department at my organization have said that we cannot put "welcome" on any of our (internal or external) webpages because that invites "hackers" and makes it okay for them to alter the site.
This sounds completely nuts to me, and I'm having a hard time googling it. Is this a thing? Where could this idea be coming from?
Several people in the IT department at my organization have said that we cannot put "welcome" on any of our (internal or external) webpages because that invites "hackers" and makes it okay for them to alter the site.
This sounds completely nuts to me, and I'm having a hard time googling it. Is this a thing? Where could this idea be coming from?
No more than putting out a "Welcome" mat at your front door legitimizes burglars or arsonists.
posted by Mercaptan at 6:05 AM on May 10, 2012 [14 favorites]
posted by Mercaptan at 6:05 AM on May 10, 2012 [14 favorites]
Have you asked them to elaborate on the logic behind this? The only thing I could think is that they may know about some codeor something that exploits some of the programming unique to welome pages.
Mind you, I know absolutely zero about programming and this sounds ridiculous on a common-sense level, but I allow for the possibiliity that there is some quirk of programming that I don't know. If they can't provide evidence of such a quirk, however, then...they're being very paranoid.
posted by EmpressCallipygos at 6:07 AM on May 10, 2012
Mind you, I know absolutely zero about programming and this sounds ridiculous on a common-sense level, but I allow for the possibiliity that there is some quirk of programming that I don't know. If they can't provide evidence of such a quirk, however, then...they're being very paranoid.
posted by EmpressCallipygos at 6:07 AM on May 10, 2012
Totally nuts.
posted by unixrat at 6:08 AM on May 10, 2012 [1 favorite]
posted by unixrat at 6:08 AM on May 10, 2012 [1 favorite]
It's bogus, but maybe this is their way of telling you, "We don't want welcome messages on ANY of our sites because we think they're tacky," without having to explain to you their philosophy in web design.
posted by denriguez at 6:10 AM on May 10, 2012 [15 favorites]
posted by denriguez at 6:10 AM on May 10, 2012 [15 favorites]
Maybe they think hackers are like vampires, and can only come in if invited? That's all I got. (Our IT department and the company that does the heavy lifting for our site maintenance do not seem to think this, fwiw.)
posted by rtha at 6:11 AM on May 10, 2012 [11 favorites]
posted by rtha at 6:11 AM on May 10, 2012 [11 favorites]
Best answer: This is a long-running bit of folklore; it's been "received wisdom" for well more than ten years. I disagree that it's "completely nuts" or that it's a hidden design agenda. Here are a couple cites:
There is a cyberlegend about a case that was dismissed and a hacker let go because the system banner said Welcome to system XYZ
And ...
One of these issues is the issuance of the word “welcome” in the login banner and headings for any given system, server or network appliance. Many discussions have ensued (and still continue today, though not as intensely as several years ago) pertaining to the simple, but powerful, word “welcome”.
Justified or not, what they are saying is grounded in common advice propagated in technical books and articles.
Google searches along the lines of "MOTD welcome hacker" yield more discussion. Honestly I've probably passed this advice along before myself based on the 'common knowledge', it had never occurred to me to validate if the alleged legal precedent existed. And I also see a difference between a system login banner and the text on a website.
posted by These Premises Are Alarmed at 6:17 AM on May 10, 2012 [9 favorites]
There is a cyberlegend about a case that was dismissed and a hacker let go because the system banner said Welcome to system XYZ
And ...
One of these issues is the issuance of the word “welcome” in the login banner and headings for any given system, server or network appliance. Many discussions have ensued (and still continue today, though not as intensely as several years ago) pertaining to the simple, but powerful, word “welcome”.
Justified or not, what they are saying is grounded in common advice propagated in technical books and articles.
Google searches along the lines of "MOTD welcome hacker" yield more discussion. Honestly I've probably passed this advice along before myself based on the 'common knowledge', it had never occurred to me to validate if the alleged legal precedent existed. And I also see a difference between a system login banner and the text on a website.
posted by These Premises Are Alarmed at 6:17 AM on May 10, 2012 [9 favorites]
It's bogus, but it does make you look like a n00b. Writing "Welcome to our homepage" is in the same category as having an intro animation.
posted by devnull at 6:18 AM on May 10, 2012 [10 favorites]
posted by devnull at 6:18 AM on May 10, 2012 [10 favorites]
Google searches along the lines of "MOTD welcome hacker" yield more discussion. Honestly I've probably passed this advice along before myself based on the 'common knowledge', it had never occurred to me to validate if the alleged legal precedent existed. And I also see a difference between a system login banner and the text on a website.
Yeah, if you're talking about a log-in page for a router or a unix server, that's a totally different thing.
posted by empath at 6:20 AM on May 10, 2012 [1 favorite]
Yeah, if you're talking about a log-in page for a router or a unix server, that's a totally different thing.
posted by empath at 6:20 AM on May 10, 2012 [1 favorite]
Best answer: IT guys seem to be full of these nuggets of "received wisdom" and swear by them. For instance, to this day, you can find IT managers who absolutely refuse to support Macs on their networks, and using the excuse that "Apple is about to go out of business". In 2012. Seriously.
Saying "Welcome..." on your home page is perfectly fine and does not open you to legal hacking.
posted by Thorzdad at 6:40 AM on May 10, 2012 [1 favorite]
Saying "Welcome..." on your home page is perfectly fine and does not open you to legal hacking.
posted by Thorzdad at 6:40 AM on May 10, 2012 [1 favorite]
I think this is just their way of telling you that putting "welcome to my website" on a corporate website is completely undesirable.
posted by KokuRyu at 6:49 AM on May 10, 2012 [5 favorites]
posted by KokuRyu at 6:49 AM on May 10, 2012 [5 favorites]
I'd say it invites cracking in that it fairly screams, "I have no idea how to keep you from cracking this."
posted by bricoleur at 8:37 AM on May 10, 2012 [3 favorites]
posted by bricoleur at 8:37 AM on May 10, 2012 [3 favorites]
Response by poster: Welcome to my comment!!
It seems like this has been promulgated in the department by a particular (recently retired) IT director. I figured he had picked up the idea from an urban legend, but googling was letting me down.
It is definitely not a sly way to enforce web design standards - we're just not operating at that level of sophistication.
posted by jeoc at 5:18 PM on May 10, 2012 [1 favorite]
It seems like this has been promulgated in the department by a particular (recently retired) IT director. I figured he had picked up the idea from an urban legend, but googling was letting me down.
It is definitely not a sly way to enforce web design standards - we're just not operating at that level of sophistication.
posted by jeoc at 5:18 PM on May 10, 2012 [1 favorite]
This thread is closed to new comments.
posted by empath at 6:03 AM on May 10, 2012 [15 favorites]