On Tue, 26 Apr 2016, David Lou <david....@outlook.com> wrote: > Hello, > > This is my first post. :) I suppose this is a high level kind of > question. > > When I say 'blog', I'm referring to a website that contains > essentially many pages of content. Each content page has attributes > such as title, date, category, tags, and so on. When a user browsers > this website, the content pages are served in a visually attractive > layout, with possible bells and whistles such as Facebook/Twitter > share buttons, and comment sections. Additional features may include > a search bar and an archive page.
Use a static site generator. Nothing beats a bunch of static files when it comes to keeping your backend secure. No code is best code. Don't try to roll your own, unless you're prepared to deal with CSRF, XSS, comment spam, blah blah blah. Try one of these: https://www.staticgen.com/ If you need comments, try https://disqus.com/ > Lastly, just a side question. Not sure if this is an FAQ: Running a > webserver on OpenBSD probably means I'll need to stay up to date with > security patches. Is there an automatic script I can run so I don't > have to constantly worry about this aspect of running a website? For OS security updates: https://stable.mtier.org/ If you install packages from third-party sources (pip, gem, npm, go get, whatever), you need to come up with some sort of strategy. Best if you'd subscribe to some sort of security@ or announce@ mailing list for each project you care about. K.
