I'm becoming quite a fan of the Squarespace service (www.squarespace.com). They provide some rather nice, low cost, web hosting.

I've put a site up there and it is proving very easy to manage and fun to configure. Yesterday I had a problem though, in that the news feeder accessory was not working. However, rather than give me an error in plain text it instead gave me a whole block of meaningless characters that I had to paste into their fault reporting system.

This is very sensible, and one up for Squarespace in my opinion. I've been reading the book "19 Deadly Sins of Software Security", which is well worth a look It gives some very nice scenarios of how systems can be attacked, and very sensibly suggests that you must make sure that your error messages are not useful to someone trying to break in. Messages like:

"Error in access to database PAYROLL on server SECRETSERVER.COM. User ADMIN does not have permission to read this entry via remote access"

- are kind of useful to a naughty person. They tell them all about what is out there, and give helpful hints on things to try next. However, a big block of encrypted text is no use in this respect. Squarespace has a very well developed error ticketing system into which I could put this message, which is another nice touch. Designing a system for people to use is one thing, but it is also important to design a means of handling problems that they might have. Even if the system is perfect (which is unlikely) there is still a very good chance that one of your users will try to do something stupid and break it (which is what turned out to be the problem in my case...)

If you want to have a look at the site that Squarespace and I have made, take a look at www.wherewouldyouthink.com