Difference between revisions of "Web deployment policies"
From Jon's Wiki
| Line 1: | Line 1: | ||
* Server code should not be able to write to itself | * Server code should not be able to write to itself | ||
** one user for webserver (fastcgi?) to run as, one for deployment | ** one user for webserver (fastcgi?) to run as, one for deployment | ||
| + | ** data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>) | ||
* config should live under /etc/, and not in the docroot/code | * config should live under /etc/, and not in the docroot/code | ||
* Use SSL/TLS wherever possible | * Use SSL/TLS wherever possible | ||
* Use salted good hashes for passwords | * Use salted good hashes for passwords | ||
Latest revision as of 03:15, 25 March 2016
- Server code should not be able to write to itself
- one user for webserver (fastcgi?) to run as, one for deployment
- data stored by the webserver (or other server) goes in /var/lib/ (probably /var/lib/sitedata/<sitename>)
- config should live under /etc/, and not in the docroot/code
- Use SSL/TLS wherever possible
- Use salted good hashes for passwords