For anyone operating a web server that runs off-the-shelf web applications, keeping them up to date is (or should be) a high priority. Web applications tend to be accessible to anyone with an internet connection, and security problems are found and published quite often. Ironically, this means that a self-programmed web application might be safer than an off-the-shelf one, at least for smaller sites, since no one bothers to attack it specifically and the source code is not available to everyone.
There are several classes of web applications with respect to how easy it is to update them:
- Web applications that can be updated online
- Web applications that allow for easy central updates
- Web applications that are provided as OS packages
- All the other web applications
In the following, I will give examples of each of the classes and elaborate a bit on my experiences with them.