Jon's Wiki
Difference between revisions of "Web deployment policies"

Difference between revisions of "Web deployment policies"

From Jon's Wiki
Line 1: Line 1:
 
* Server code should not be able to write to itself
 
* Server code should not be able to write to itself
 +
** one user for webserver (fastcgi?) to run as, one for deployment
 +
* config should live under /etc/, and not in the docroot/code
 
* Use SSL/TLS wherever possible
 
* Use SSL/TLS wherever possible
 
* Use salted good hashes for passwords
 
* Use salted good hashes for passwords

Revision as of 23:23, 24 March 2016

  • Server code should not be able to write to itself
    • one user for webserver (fastcgi?) to run as, one for deployment
  • config should live under /etc/, and not in the docroot/code
  • Use SSL/TLS wherever possible
  • Use salted good hashes for passwords
Retrieved from "https://wiki.jon.geek.nz/index.php?title=Web_deployment_policies&oldid=2125"