
Topic: Good security tips for people looking to set up a Bitcoin online business

full member
Activity: 182
Merit: 100
Good read, there are some things I would do slightly differently ...

#1: Know Your Enemy,

2. SQL injection:
"mysql_real_escape_string()" is just a quick fix you can use to patch up an old/badly written PHP application. For custom apps people should be using "mysqli::prepare" or "PDO::prepare".

3. File uploads:
Validation and file system restrictions are insufficient. File uploads should always be handled by a separate server (like he says in #25 Run Service Per System or VM Instance). If that is not an option for you then store your files as binary data in a database.

#11: Install Suhosin Advanced Protection System for PHP
Follow those instructions and you end up with build tools on your server, which is a big "no no" by itself. If you want to use it, build it on a desktop and package it up for your specific distro. There is no reason at all to have build tools on a production server.

Edit: read comment, it's in there as well ...
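The prepared-statement point above, as an added example that is not code from the thread or from the linked tutorial: it contrasts a query built by string interpolation with one using PDO::prepare and bound parameters, and also shows the suggested fallback of storing an upload as a BLOB rather than on the web server's file system. The in-memory SQLite database, the table layout, the sample rows, the attacker input and the fake upload bytes are all constructed here for the demonstration; with MySQL the same PDO calls apply unchanged (and mysqli::prepare with bind_param is the equivalent in the mysqli API).

```php
<?php
// Added example (not from the thread): PDO::prepare versus string splicing,
// plus storing an upload as binary data in the database.
// Uses an in-memory SQLite database so it runs offline without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Ask for real server-side prepares where the driver supports them (MySQL does).
$db->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);

// Constructed schema and sample rows.
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, balance_satoshi INTEGER)');
$db->exec("INSERT INTO users (name, balance_satoshi) VALUES ('alice', 100000), ('bob', 250000)");
$db->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, owner TEXT, mime TEXT, content BLOB)');

// VULNERABLE: the user-supplied value becomes part of the SQL text, so a quote
// in the input changes the structure of the query.
function findUserVulnerable(PDO $db, string $name): array {
    $sql = "SELECT name, balance_satoshi FROM users WHERE name = '$name'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: the statement text is fixed at prepare time; the value is sent
// separately as data and cannot alter the query's structure.
function findUserPrepared(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT name, balance_satoshi FROM users WHERE name = :name');
    $stmt->bindValue(':name', $name, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Upload fallback: keep the bytes out of the web root entirely by storing them
// as a BLOB. The check on the leading bytes is a minimal content sniff; the
// size limit and allowed type list are assumptions for this example.
function storeUploadAsBlob(PDO $db, string $owner, string $bytes): int {
    $maxBytes = 2 * 1024 * 1024;
    if (strlen($bytes) > $maxBytes) {
        throw new RuntimeException('upload too large');
    }
    $magic = [
        "\x89PNG\r\n\x1a\n" => 'image/png',
        "\xFF\xD8\xFF"      => 'image/jpeg',
    ];
    $mime = null;
    foreach ($magic as $prefix => $type) {
        if (strncmp($bytes, $prefix, strlen($prefix)) === 0) {
            $mime = $type;
            break;
        }
    }
    if ($mime === null) {
        throw new RuntimeException('unsupported file type');
    }
    $stmt = $db->prepare('INSERT INTO uploads (owner, mime, content) VALUES (:owner, :mime, :content)');
    $stmt->bindValue(':owner', $owner, PDO::PARAM_STR);
    $stmt->bindValue(':mime', $mime, PDO::PARAM_STR);
    $stmt->bindValue(':content', $bytes, PDO::PARAM_LOB);
    $stmt->execute();
    return (int) $db->lastInsertId();
}

// Constructed attacker input: closes the quote and appends an always-true clause.
$attackerInput = "x' OR '1'='1";

$leaked = findUserVulnerable($db, $attackerInput);  // every row comes back
$safe   = findUserPrepared($db, $attackerInput);    // no such user, zero rows

printf("vulnerable query returned %d rows\n", count($leaked));
printf("prepared query returned %d rows\n", count($safe));

// Constructed fake PNG header followed by filler, standing in for an upload body.
$fakePng = "\x89PNG\r\n\x1a\n" . str_repeat("\0", 64);
$id = storeUploadAsBlob($db, 'alice', $fakePng);
printf("stored upload as blob id %d\n", $id);

// A PHP script disguised as an image is rejected by the content check.
try {
    storeUploadAsBlob($db, 'mallory', "<?php system(\$_GET['c']); ?>");
} catch (RuntimeException $e) {
    printf("rejected: %s\n", $e->getMessage());
}
```

Running this with the constructed input, the spliced query returns both rows while the prepared one returns none; the difference is that the bound value never reaches the SQL parser as query text. The BLOB path still applies a size limit and a content check, but because nothing is written under the document root there is no file for the web server to execute even if those checks are bypassed.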
legendary
Activity: 2506
Merit: 1010
Here is a URL i found whilst browsing. I believe it contains some good information in regards to PHP/Server security. Does bitcoin offer some kind of handbook for this?


http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html


A couple of articles in the wiki:
 - http://en.bitcoin.it/wiki/Securing_online_services
 - http://en.bitcoin.it/wiki/Category:Security

member
Activity: 69
Merit: 10
Here is a URL i found whilst browsing. I believe it contains some good information in regards to PHP/Server security. Does bitcoin offer some kind of handbook for this?


http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html