Heal Your Church WebSite

Teaching, rebuking, correcting & training in righteous web design.

Don’t put all your security eggs in one basket…

I just read an interesting article on ABCNews entitled “PaineWebber Ex-Employee Charged with Fraud” (via slashdot.org). Basically, a systems administrator that:

  • a) coded-up a logic-bomb that would be financially disastrous to his former company
  • b) purchased put options to benefit from his company’s demise.
“But if you fail to do this, you will be sinning against the LORD ; and you may be sure that your sin will find you out.Numbers 32:23

Of course this Alcatraz-bound bone-head got caught, but imagine the virtual mess that such an act would leave! No thanks!

So what has this got to do with running/administering a church web site. Everything. How many of us are in situations where one person holds all the keys? That is, the church’s web site is some mystery so you leave it entirely up to the otherwise not-so-social, not so visible geek who sits in the back corner of your church? Who owns your church’s domain names – and will that someone walk away with it one day if someone rubs him/her the wrong-way?

At Redland Baptist, we keep this real simple. Secure information and ownership are distributed and monitored. For example, At my insistence, the Church took ownership of RedlandBaptist.org this past year. I did this because of so many situations we’ve heard of where a talented but dysfunctional geek would get rubbed-wrong and do something embarrassing to a church with their own domain name.

Taking the concept of accountability a bit further, it’s probably good to separate concerns among different people; such as the individual handling the accounting system also doesn’t work on the outward-facing web site. Similarly, sensitive information should be dispensed on a need-to-know basis. In order for someone to take over, they would have to get two of the other individuals involved to play along – provided our wives don’t catch wind of such a scheme. And considering my wife is from Pittsburgh, used to play hockey and is known at work as the “Solaris Queen” or the “Unix goddess” … I prefer to play it straight.

In other words, we don’t put all our security eggs in one basket, and we’re not afraid to do the monitor one another thingie.

I know, I know, this is a church, aren’t we supposed to trust each other? Well we put locks on our doors don’t we? Some of our churches even have alarm systems after a break-in or two. Remember those old home-spun adages, “good fences make good neighbors” and “a lock keeps the honest man honest.” The same measures need to be taken to secure your church web site. They’re simple, they’re relatively painless, they’re far less expensive than recovering from an incursion. Moreover, they inspire trust and confidence better than any wishful thinking.

He will guard the feet of his saints,
but the wicked will be silenced in darkness.

It is not by strength that one prevails;
those who oppose the LORD will be shattered.
He will thunder against them from heaven;
the LORD will judge the ends of the earth.

“He will give strength to his king
and exalt the horn of his anointed.”
1 Samuel 2:9-10


  1. I agree with you on the risk…but it’s hard enough getting folk to contribute content and put the URL on literature, let alone take responsibility for domain ownership!

  2. “the otherwise not-so-social, not so visible geek who sits in the back corner of your church”

    Hey! I resemble that remark! Actually, I appreciate the nudge to build in more accountability re my church work. At this point I own the domain and have Absolute Power, but that should probably change.

    (Did I mention I hate comment systems that require a properly formatted e-mail address? I’d really rather leave my valerie [at] kyriosity [dot] com address, but I ain’t puttin’ that one out there to be snagged by the spambots, nosirreebob.)