I am working on a website and would like to have it under revision control. I have used git for earlier projects before and I like it. This project though is a website written in Django. I am totally for open source, but I am wondering if it would be a bad idea to leave the source code for the website public, so that someone with bad intentions could search the repository for security holes?
Of course I am not going to upload stuff that should be kept secret passwords, etc.
The site is going to be a webpage for a local sports club, so I guess that the security for the site don't have to be as high as for example an online shop.
So my question is, is it a bad idea to have a public repository for a Django website, or is it acceptable if I don't add the sensitive information?
I took a look at the thread Open Source vs Closed Source Systems discussing the same topic, but it rather discusses open source vs. closed source from a security point of view in general. Interesting discussion, however not enough for me to make a decision. In the thread a few people point out that it matters what kind of project you are working on. Could you give me some recommendations for my project with the following specifications.
- Small webpage for local sport club.
- No on-site payments.
- No sensitive information in general except if someone would use same user information as for an other site.
- One person developing (me), might be a few more.
What I have found out so far:
Pro open source
- I am probably going to write better code if I know that it might be read by others.
- If someone sees a bug they'll hopefully inform me.
- Hackers know the common security holes anyway.
- There is no or very small interest (profit) in hacking my site.
- Contributing to the open source community.
Pro closed source
- Security through obscurity => another layer of security.
- If I or someone else working on the site would commit sensitive credentials by mistake.
- Project is exposed because it will be directly accessible over the internet.