38

I'm about to start creating a music project website for a friend. It should be pretty simple for now: no dynamic content (tour dates, etc.), and nothing more than a few embedded sample songs or SoundCloud links. I'm not expecting to use anything more than vanilla JavaScript and Bootstrap or Foundation for a responsive grid.

Is this enough however? Can I simply upload HTML, CSS, and JS files to a host and be done with it, or should I take the time to program a backend server in Node or PHP?

Zac Crites
  • 107
  • 5
Deegriz
  • 471
  • 1
  • 4
  • 7
  • 55
    Is it enough? What problem do you have that having a dynamic back end would solve. Keep it stupid simple, until you can't. – RubberDuck Aug 01 '16 at 00:17
  • Maybe later giving my friend the option do dynamically edit the webpage, writting articles, etc. But in the near future it's not a requirement. I reckon it would also be quick to "migrate" html to a backend as views – Deegriz Aug 01 '16 at 00:19
  • 25
    Maximize the work not done. YAGNI. – RubberDuck Aug 01 '16 at 00:29
  • 9
    You're probably going to be best off installing a ready-made CMS if all you're going to be doing is writing some text, uploading some pictures and a few music files/embed some video files/YouTubes... WordPress etc would be ideal and most hosting companies offer one-click installers to get you going within minutes.... there are many CMSes out there. – Kinnectus Aug 01 '16 at 10:53
  • 1
    For servers that can experience sudden high peak loads, "no back-end" is in fact best practice. E.g. sites with details about an emergency; an airline may have a template page ready which they can publish in 2 minutes in case one of their planes is lost. – MSalters Aug 01 '16 at 11:08
  • 11
    I wonder why a question like this has got so many upvotes? It's like asking "do i have to create a database for my software even though it doesn't need to store any data?". It wouldn't surprise me if it was a beginner question, but not when you are skilled enough to create a bootstrap/foundation project. – Mahdi Aug 01 '16 at 15:27
  • Excuse my ignorance. I'm not a professional programmer yet, I'll be finishing my degree in January. I just don't have experience in deploying productions websites, even though my final project was a web application used in production now. I do however feel that many could have this question, if you take scalability and content into account – Deegriz Aug 01 '16 at 15:30
  • 14
    @Mahdi it's upvoted because everyone's been wondering this exact damn thing for 5 years and no one has had the guts to just ask it. – djechlin Aug 02 '16 at 01:28
  • 1
    Sometimes its better to have client-side code, because you don't have to pay for the computation, the user does instead with their browser. – Mark Rogers Aug 02 '16 at 02:04
  • 1
    @Mahdi upvotes are because it made the HNQ list, and the answer is not a simple one. The answers show that it is possible to have dynamic content without server-side programming, if the site meets certain criteria and the developer is resourceful enough. The question provoked some very useful answers. The real WTF is why someone voted to close it as "too broad" when the answers are reasonable length while still answering the question. –  Aug 02 '16 at 02:59
  • 1
    @BigChris the installation is the easy part, then you need to keep upgrading them to avoid getting hacked. It's not worth the effort, in my opinion; OP is better off with a static-site generator. – André Paramés Aug 02 '16 at 16:35
  • Its really easy. Everything that should not be controlled by the client should be implemented server side. There is no real answer to that. It depends on requirements to the software. One main issue is collaboration. If you implement a patience game you may not need collaboration functionality. If you implement Tic tac toe, and you want to play remote with another player you introduce server side state. Maybe tic tac toe is no problem if someone cheat then its totally ok to have logic an client side. As soon as reliability is necessary that noone is cheating you implement essential logic serve – oopexpert Aug 17 '16 at 18:44

6 Answers6

87

If you don't know whether you need server-side code, you probably don’t*

*Caveat: Server-side code is essential for security, when you want to internally control access to content, data, or functionality. (It does not necessarily need to be your server, see last paragraph.)

Ask yourself what problem using server-side technologies would solve. If you can’t think of any (and in your case, I can’t either) then you don't need them.

Be aware that a lot more than you might think is possible using just client-side code. JavaScript frameworks like AngularJS or ReactJS can let you integrate with third party, dynamic content through API’s using Ajax. (This includes hooking into an API that could handle its own security.)

Tim Grant
  • 1,360
  • 10
  • 15
  • 17
    I think this is a dangerous statement to make - server side technologies are used often when you 'could do it client side': the decision to move things to a server are for security reasons, not necessarily functional ones. - as such promoting an attitude of 'not knowing' is worrying: programmers should always be considering security in *any* application, even one a simple as described. The entire solution should be thought through - do you want a 'secured' content area, forcing users to register or like on FB before giving them a mp3? (however in this instance, a static site does sound fine) – Jmons Aug 01 '16 at 11:24
  • 5
    There is something to be said for the security advantages of static site generators, too. For many applications, static sites are the ultimate in security in that there literally isn't anything to hack. – Nathan Arthur Aug 01 '16 at 23:58
  • 1
    `Server-side code is essential for security` quite some developers don't give a f*ck about security. Not until you throw their face in their ... mess. My line is if you need authentication, you need a back office. If you need to store datas, you need a backoffice where datas will be checked a second time afte rbeing checked by client side. – Walfrat Aug 02 '16 at 14:09
  • 1
    @Walfrat If you just need authentication, you could offload that to any number of open auth services and not use any backend at all. If you need authorization, on the other hand, you may need some backend stuff. – corsiKa Aug 02 '16 at 15:29
56

Read about static site generators. These allow you to create a site in a programmatic manner (using templates, data, etc), and not by hand-crafting HTML. The result is a set of static HTML and CSS that does not require any backend.

https://www.staticgen.com/ lists and ranks a number of such open-source generators; closed-source offerings likely exist, too.

9000
  • 24,162
  • 4
  • 51
  • 79
  • 3
    +1, this still works for dynamic sites that just a little over time (like blogs and tour itineraries). Until the content depends on the user looking at the page, it's often enough. – RemcoGerlich Aug 01 '16 at 13:45
  • 1
    +1. Tour dates and example songs will need to be updated by the client more or less often. A static site generator avoids him needing to touch HTML, and it's much more simple and secure than a (poorly maintained) CMS. – Bergi Aug 01 '16 at 20:58
  • 3
    while i agree that this is a good suggestion for OP, does it really attempt to answer the question as asked? – Woodrow Barlow Aug 01 '16 at 22:23
  • The marked answer was more general and aligned with the question as asked like Woodrow Barlow mentions. However I did +1 for preseting a nice solution me and many others could go for – Deegriz Aug 02 '16 at 01:58
  • 3
    @WoodrowBarlow: I'd argue that `Can I simply upload HTML, CSS, and JS files to a host and be done with it, or should I take the time to program a backend server in Node or PHP?` does call for pointing out that there is a 3rd, in OP's case rather attractive, option IMHO :) – Tobia Tesan Aug 02 '16 at 10:48
6

You can and should use only a static site if it is enough, or use a static site generator. Why? Maintainability. Code has bugs. Every few weeks there is another WordPress security hole found. If you use a common CMS, you will have to patch it constantly. Else your friends website will soon contain advertisement for illegal drugs, ISIS propaganda, malware which is installed on visitors computers or worse. Even if you regularly patch it, you might be too late so you have to constantly check for hacks. There are ways to secure this CMS. Install "security plugins", configure a web application firewall like mod_security etc. All just more work. They also have to be kept updated. Sometimes your mod_security rules will break a plugin for WordPress, you have to analyze that and fix it. More work.

You might think, nobody will want to hack that site. But for the common security holes found in common CMS systems, there are soon automatic bots that crawl/search the web and hack ALL sites using that CMS. They just want to spread their links/malware/propaganda.

With a static site (created manually or with a generator), you don't have that problem.

If you implement your own backend, it will also have security holes (no one is perfect) but most likely no one will exploit them for that little website. But what do you want to implement? If you want to create an editor where your friend can change tour dates himself, think how long this will take you until it is easy enough for him to use without your help. How many times can you just quickly change the dates for him with that time budget?

In my opinion, far too many people today just use CMS systems for every site, because static HTML is "old". If you don't need anything that isn't possible with HTML5, use server side code. But if you don't need it, you save lots of lots of time without it.

Community
  • 1
Josef
  • 297
  • 1
  • 5
3

You only need to do backend programming when you need it.

However even basic features like emailing forms require basic backend programming usually. If it's just a display site then yes, it's fine.

deek
  • 139
  • 2
  • 1
    If it's just a simple feature, you can often use some SaaS service to replace it, though. For example, a registration form can be done for free on [Google Forms](https://www.google.com/forms/about/), and then linked from the site. – André Paramés Aug 02 '16 at 16:41
2

Not necessarily, but there are some problems you are likely to run into if you make the entire site in plain HTML.

Many sites have the same menu, header and footer elements on multiple pages. If you simply copy and paste these from one page to another then this maybe become tedious and error prone as the site gets bigger and you need to keep making changes in these areas.

In the days before server side programming was so common one common way to address this was to use frames to embed these areas into every page. This fell out of favour several years ago, so I don't recommend doing it now. You could write some simple server side code instead to display these common elements on every page.

I would agree with others here who have recommended using an off the shelf CMS.

bdsl
  • 2,365
  • 1
  • 14
  • 14
  • 1
    An alternative to "copying and pasting" is to use a static site generator; that should take care of the menu/header/footer elements for you, allowing you to just worry about the content. – Doktor J Aug 02 '16 at 20:13
0

I think If you Don't know you should use server-side Or not, then you probably don't need it. there are lots of things that you can do with client-side for a website.

By using js, bootstrap you can create a decent website

Ishan Shah
  • 339
  • 1
  • 9