Difference between revisions of "Web deployment policies"

From Jon's Wiki
 
Line 1: Line 1:
 
* Server code should not be able to write to itself
 
* Server code should not be able to write to itself
 
** one user for webserver (fastcgi?) to run as, one for deployment
 
** one user for webserver (fastcgi?) to run as, one for deployment
 +
** data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>)
 
* config should live under /etc/, and not in the docroot/code
 
* config should live under /etc/, and not in the docroot/code
 
* Use SSL/TLS wherever possible
 
* Use SSL/TLS wherever possible
 
* Use salted good hashes for passwords
 
* Use salted good hashes for passwords

Latest revision as of 03:15, 25 March 2016

  • Server code should not be able to write to itself
    • one user for webserver (fastcgi?) to run as, one for deployment
    • data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>)
  • config should live under /etc/, and not in the docroot/code
  • Use SSL/TLS wherever possible
  • Use salted good hashes for passwords