Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Dynamic sites are a strict superset of static sites. A static website will always be easier to host, and it will always have a smaller attack surface simply because less code is needed - especially custom one-off code.

There is no custom executable to run, there is no need for authentication, there is no need to write files to disk, there is no need to parse user-provided content, there is no need to access a database, there are no custom libraries to update... A static website can literally be "upload and forget", and that simply isn't the case for dynamic sites.



The static sites attack surface is so small that it is zero :)

You get everything anyway, and nothing you do is used by the server.

Of course the server itself can be attacked, though it is much more difficult then with dynamic sites.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: