Title: Good security tips for people looking to set up a Bitcoin online business
Post by: Dice on December 10, 2012, 09:36:46 AM

Here is a URL I found whilst browsing. I believe it contains some good information in regards to PHP/server security. Does Bitcoin offer some kind of handbook for this?

http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html

Title: Re: Good security tips for people looking to set up a Bitcoin online business
Post by: Stephen Gornick on December 10, 2012, 11:01:31 AM

> Here is a URL I found whilst browsing. I believe it contains some good information in regards to PHP/server security. Does Bitcoin offer some kind of handbook for this?
> http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html

A couple of articles in the wiki:
- http://en.bitcoin.it/wiki/Securing_online_services
- http://en.bitcoin.it/wiki/Category:Security

Title: Re: Good security tips for people looking to set up a Bitcoin online business
Post by: Insu Dra on December 10, 2012, 12:55:13 PM

Good read, there are some things I would do slightly differently ...

#1: Know Your Enemy
2. SQL injection: "mysql_real_escape_string()" is just a fast fix you can use to patch up old/badly written PHP applications. For custom apps people should be using "mysqli::prepare" or "PDO::prepare".
3. File uploads: Validation and file system restrictions are insufficient. File uploads should always be handled by a separate server (like he says in #25 Run Service Per System or VM Instance). If that is not an option for you, then store your files as binary data in a database.

#11: Install Suhosin Advanced Protection System for PHP
Follow those instructions and you end up with build tools on your server; that is a big "no no" by itself. If you want to use it, build it on a desktop and package it up for your specific distro. There is no reason at all to have build tools on a production server.

Edit: read comment, it's in there as well ...
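To make the escaping-versus-prepare point from the post above concrete, here is an added example (not code from the thread or from the linked article) showing the same user lookup written the "fast fix" way with escaping and then with PDO prepared statements. The `users(id, name, balance)` table, the connection details and the function names are assumptions for the illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical connection; ERRMODE_EXCEPTION so failed queries are not silently ignored,
// EMULATE_PREPARES off so the MySQL server, not the driver, separates SQL from data.
$pdo = new PDO(
    'mysql:host=localhost;dbname=shop;charset=utf8mb4', // assumed DSN
    'app', 'secret',                                    // placeholder credentials
    [
        PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES   => false,
    ]
);

// The "fast fix": escape the value, then splice it into the SQL text.
// It only holds if every value, every time, goes through the escape call and
// lands inside quotes; an unquoted spot (numeric value, ORDER BY column) gains
// nothing from escaping, which is why this is a patch rather than a design.
function findUserEscaped(mysqli $db, string $name): ?array
{
    $safe = $db->real_escape_string($name);
    $sql  = "SELECT id, name, balance FROM users WHERE name = '$safe'";
    $row  = $db->query($sql)->fetch_assoc();
    return $row ?: null;
}

// Prepared statement: the SQL text is compiled first, the value is sent
// afterwards as data, so no input can change the shape of the query.
function findUserPrepared(PDO $pdo, string $name): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, balance FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

// Numeric parameters are bound with an explicit type instead of being
// interpolated; this is the case escaping alone cannot cover.
function findUserById(PDO $pdo, int $id): ?array
{
    $stmt = $pdo->prepare('SELECT id, name, balance FROM users WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ?: null;
}

var_dump(findUserPrepared($pdo, "o'neil")); // the quote is data, not SQL
```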