Good read, there are some things I would do slightly different ...
#1: Know Your Enemy,
2. SQL injection:
"mysql_real_escape_string()" is just a fast fix you can use to patch up old/badly written php application. For custom apps people should be using "mysqli::prepare" or "PDO::prepare".
3. File uploads:
Validation and file system restrictions is insufficient. File uploads should always be handled by a separate server (like he sais in #25 Run Service Per System or VM Instance). If that is not a option for you then store your files as binary data in a database.
#11: Install Suhosin Advanced Protection System for PHP
Follow those instructions and you end up with build tools on your server, that is a big "no no" by it self. If you want to use it build it on a desktop and package it up for your specific distro, There is no reason at all to have build tools on a production server.
Edit: read comment, it's in there as well ...
Topic: Good security tips for people looking to set up a Bitcoin online business (Read 983 times)
December 10, 2012, 07:55:13 AM
December 10, 2012, 06:01:31 AM
Here is a URL i found whilst browsing. I believe it contains some good information in regards to PHP/Server security. Does bitcoin offer some kind of handbook for this?
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
A couple articles in the wiki:
- http://en.bitcoin.it/wiki/Securing_online_services
- http://en.bitcoin.it/wiki/Category:Security
December 10, 2012, 04:36:46 AM
Here is a URL i found whilst browsing. I believe it contains some good information in regards to PHP/Server security. Does bitcoin offer some kind of handbook for this?
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
http://www.cyberciti.biz/tips/php-security-best-practices-tutorial.html
Jump to: