What program will build my company website?
October 24, 2007 5:02 PM   Subscribe

I will soon be put in charge of putting together a secure website for my company. It won't be terribly complex (I think), and it doesn't have to look terribly pretty, but as a relative newbie to something like this, I need some advice as to what software to use.

The purpose of the site is to take a rather large number of mainly Word .doc files and some PDF files and make them available for employees via the Internet. As it's for employees only, and we need to protect the files from rivals, a login/password will be necessary.

The files must be categorized and tagged, so I can add a search function. And I also want to add a forum page, so employees can discuss and talk about work and so forth.

So what software is useful for accomplishing these things? Aside from a handful of HTML tags, I don't know any programming language, though I've taught myself some Python basics and can continue that if it'll help with this project. Is there a program that can cover all these bases? Something free/open source would be ideal.

Lastly, is this possible on a relatively older PC (maybe Pentium I or II) running Windows XP, or would I need something more robust?
posted by zardoz to Computers & Internet (9 answers total) 2 users marked this as a favorite
Hmmm...I'm not sure you can get away with using just a Pentium I or II, not without adding a lot of memory. This is even moreso if you're going to try to run a webserver on top of it.

Is there a reason that this has to be a website? It sounds like you are describing a file server, which can be implemented without using a website interface and can be set up to be available over the Internet. This will probably be less CPU intensive than setting up a web interface.

...oh wait, just saw the search function.

Hmmm...does this have to be hosted on a computer inside your company? I'm almost certain there are web services out there that could do this faster and easier than setting it up yourself.
posted by Deathalicious at 5:26 PM on October 24, 2007

Response by poster: Thanks, Dethalicious, and as to your last question, it doesn't have to be hosted at the company, but I'm sure they would appreciate saving money if possible. This is a small company, so maybe a web service would work, or maybe we can get a hold of a more powerful computer. As you can see I'm in the dark on a lot of this myself
posted by zardoz at 5:43 PM on October 24, 2007

"Relative newby" and "secure website" don't belong in the same sentence. If a relative newby sets it up, it's better than even money that it's going to leak like a sieve. (Maybe you can design a house, but you can't design a castle...)

It's worth the money to get someone who knows what they're doing to set this up. Outsourcing it to some other web service, as recommended by Deathalicious, is definitely the right way to go.
posted by Steven C. Den Beste at 6:48 PM on October 24, 2007 [1 favorite]

Best answer: I agree with Steven; if you're counting on getting this secure, on your own, on your first go, you need to admit to yourself that you don't care about your company's security. :) This quote comes to mind:

The only truly secure system is one that is powered off, cast in a block of concrete and sealed in a lead-lined room with armed guards - and even then I have my doubts. --Spafford

Anyway, here are a few things to think about:

How secure do you want it to be? Using a webhost and hiding your site behind a user/pass is the least secure, because your traffic won't be encrypted and you'll be sharing your machine with other users. Using a webhost + user/pass + SSL is a little better because at least your traffic will be encrypted. Better are dedicated managed machines, or virtual private servers (VPS), or colocated servers. Basically, the fewer people who have logins to your machines, the better, but if you don't have a dedicated system administration staff, using a VPS or dedicated managed machine can be cost-effective. FWIW, I once had a few dozen servers in a "secure vault" at a data center with a biometric hand scanner on the door, and I showed up one day to find the door propped open because the air conditioning was on the fritz.

How available do you want your site to be? Is it acceptable for the site to be inaccessible if the internet goes down at your company's HQ? Or if the power is out for an extended period of time? If not, you will definitely want to use a hosting company or data center, as they should have multiple links to the intertubes as well as large UPSs and backup generators.

As far as the software you would run on your site, the simplest suggestion is to use a wiki such as DokuWiki or MediaWiki. I would also recommend you convert your docs and pdfs to either html or wiki-markup, as that will make them significantly more searchable and usable. MediaWiki has a Discussion link on each page that you can use as a forum.

If you don't use a hosting company, as far as the hardware you want to use, that depends on how many concurrent users you expect to have. Using SSL consumes a fair amount of CPU and will limit the number of concurrent users your Pentium or PII can handle. Install some kind of unix, freebsd, or linux and then run some benchmarks on it. I assume you don't want to pay for HP LoadRunner, so I googled for "apache performance benchmark" and this link seems like it would help you figure out whether you have enough hardware. If you are using a hosting company, they should have tiered packages that will allow you to choose the amount of cpu/ram you'll need for your application.

Good luck!
posted by cactus at 7:23 PM on October 24, 2007 [1 favorite]

Response by poster: As for the security, I had a brief discussion about this with my boss, who was aware that we should protect the info as much as possible, but he kind of shrugged at the idea that someone would hack it. Meaning: security is a good idea, but someone hacking us is unlikely, and if they succeed, it's not the end of the world.

So thanks, Stephen, for the outsource suggestion, but let's assume I'll be doing everything myself.
posted by zardoz at 7:34 PM on October 24, 2007

Best answer: It can also get turned into an anonymous proxy that people use to browse child porn sites.

I have a bitty server here in my apartment that I've been using to host some stuff since 2001. About 2 years after I got it, I started noticing a lot of weird traffic. Turns out someone had used an exploit to get into my system and enable proxying. Others had found it and were using it to visit places I didn't really want to know about. (All the files they looked at were cached on my server. I looked at a few of them and didn't like what I was seeing, so I didn't look any further.)

I disabled proxying again, and then I went into my firewall and locked up every port that wasn't absolutely essential to accessing my web pages, like FTP and Telnet and some weird port that MySQL opens up (which I'm pretty sure is what let the black hats in), and a bunch of others. There are like 5 active standard ports now on my server -- but I sure had no idea that I needed to do anything like that before my system got hacked.

I've been using the Internet since before it was called "The Internet". I'm a computer professional. I wouldn't attempt the job you've taken on; I know I would blow it -- because I already have blown it once.
posted by Steven C. Den Beste at 8:08 PM on October 24, 2007

I nth the suggestions using wiki software such as MediaWiki or DokuWiki, and possibly paying another company to host it.

I would recommend against going with this 'Versionate' company based on the stupid thing it says in big letters on the front of their website: "It's like a wiki except it's awesome!"
posted by finite at 12:48 AM on October 25, 2007

Best answer: If the terminology in (let alone the outcome of) Steven C. Den Beste's post makes your head hurt, then outside hosting is for you :)

Choose your software - a wiki, or whatever you end up with - against your criteria: out of the box user management, file uploading capabilities, built-in search, some reasonable level of security, etc - and then check that software's hosting requirement. This will probably be something very generic like PHP version X or higher, support for some flavour of database, and some X factor specific to your chosen product, like whatever potentially funky thing it requires for sending mail or uploading files.

Then research hosts who fit the specifications. Ask MeFi if for recommendations based on your hosting specification if needed. Give a top level budget. I outsource a ton of clients to perfectly-robust-for-their-needs $10 a month shared hosting. (Note: Please don't scream at me. Thank you.)

The host will be responsible for all of the security updates and patches for the web server and other associated headaches of SCDB levels of pain. You will be responsible for the only part of the server over which you have access and control: security patches for your specific installation.

A wise man once said "Security is a process that you engage in, not a state that you acquire." Word to that.

So whatever wiki/whatever you end up with and however you host it, make sure you sign up for the security alerts, and be prepared to install updates or patch files as needed.
posted by DarlingBri at 4:33 AM on October 25, 2007

If you get outside hosting, they also take care of backups and are responsible for dealing with hardware failures.
posted by Steven C. Den Beste at 10:50 AM on October 25, 2007

« Older What was that password again?   |   sound familiar? Newer »
This thread is closed to new comments.