Difference between revisions of "Web deployment policies"
From Jon's Wiki
(Created page with "* Website code should not be able to write to itself * Use https wherever possible * Use salted good hashes for passwords") |
|||
| (2 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | * | + | * Server code should not be able to write to itself |
| − | * Use | + | ** one user for webserver (fastcgi?) to run as, one for deployment |
| + | ** data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>) | ||
| + | * config should live under /etc/, and not in the docroot/code | ||
| + | * Use SSL/TLS wherever possible | ||
* Use salted good hashes for passwords | * Use salted good hashes for passwords | ||
Latest revision as of 03:15, 25 March 2016
- Server code should not be able to write to itself
- one user for webserver (fastcgi?) to run as, one for deployment
- data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>)
- config should live under /etc/, and not in the docroot/code
- Use SSL/TLS wherever possible
- Use salted good hashes for passwords