|
|
Posted by rjames.clarke on 11/03/05 16:38
Security is the last thing I need to get a handle on BEFORE I start.
I have not started yet, and I won't until I am confident the app is
reasonably secure and that I have tried and true methods to recover
after I am hacked.
I won't do this if I can't, I will be handling crictical busines data.
I understand it's a never ending battle, and that no app will ever be
100% secure, and that I will have to monitor it constantly.
But having said that, I have to take reasonable measures, waiting for
perfection is not well, reasonable. Question is what is reasonable?
>From the research I've done, mostly via google, the steps I have
outlined appear to be the least that should be done.
To that I will add validation of user input and checking the results on
queries.
(I always check the results on queries, I just didn't mention it).
Without about getting in to specifics there is not much validation of
user input I can do besides stripping out special characters, I won't
be saving zip codes or phone numbers or email address or data that is
highly characterisable.
The books I have seen on the subject appear lacking. Any suggestions
on books?
Navigation:
[Reply to this message]
|