Website security
Web site security is very important. If your site needs to authorize access to content, protecting that content is your responsibility. Using secure database technology, encrypting key data, and filtering data uploaded by users are the main ways to keep a site secure. A secure web site follows these rules:
Use secure database technology
The current mainstream database technologies are MS SQL Server, Oracle, IBM DB2, MySQL and PostgreSQL. MySQL and PostgreSQL are open source databases; the other three are priced differently depending on the licensing method. From a security standpoint, all of them are very secure database technologies. What needs to be stressed is that we do not recommend Access. First, Access is a desktop database and is not suited to an enterprise site that may face massive numbers of requests. Second, Access is a very insecure web site database: if someone obtains the path to your Access database file, it is easy to download the file and read everything in the database, including the content that should require authorization to see. If you chose Access because it is free, you should know that MSDE is free as well.
User passwords and other confidential data must be encrypted with mature encryption technology before being stored in the database
Storing user passwords, credit card numbers and similar data in the database in clear text is very dangerous. Even if you are using a very secure database technology, you should still be very cautious: any confidential data should be stored encrypted, so that even if your database is compromised, the important confidential data in it remains secure.
Passwords and other confidential data must be encrypted with mature encryption technology before being submitted through a form
If your site does not use HTTPS, all data between your site's server and the visiting client is transmitted in clear text and is easily intercepted at switch and router nodes. If you cannot deploy HTTPS, encrypting all confidential data before sending it over the network is a very effective measure.
Passwords and other confidential data must be encrypted with mature encryption technology before being written to a cookie
Many web sites write user account information into cookies so that users are logged in automatically on their next visit. If the account information is written to the cookie directly, without encryption, the data is easily obtained by anyone who views the cookie file, especially if your user shares a computer with other people.
Every piece of data submitted by a visitor must be checked for malicious code
Although we would like to trust users, on the network we must assume that every user is potentially dangerous. If you do not check the data they submit, your site may be exposed to SQL injection, cross-site scripting and other security problems.
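The check described above, as an added example that is not part of the original article: a lookup that splices visitor input into the SQL text, the same lookup hardened with a bound parameter, and HTML output encoding against cross-site scripting. The table and rows are constructed for the example.

```python
import html
import sqlite3


def build_db():
    """Constructed in-memory user table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-a"), ("bob", "hash-b")])
    conn.commit()
    return conn


def find_user_unsafe(conn, name):
    # Vulnerable pattern: the visitor's input becomes part of the SQL text,
    # so quote characters in the input change the meaning of the query.
    sql = "SELECT name FROM users WHERE name = '%s'" % name
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, name):
    # Hardened pattern: the input is bound as a parameter and the driver
    # treats it purely as data, never as SQL syntax.
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def render_greeting(name):
    # Output encoding: angle brackets and quotes in visitor data are turned
    # into entities, so the browser shows them as text instead of markup.
    return "<p>Welcome, %s</p>" % html.escape(name, quote=True)


def compare(name):
    """Return (unsafe result, safe result) for the same visitor input."""
    conn = build_db()
    return find_user_unsafe(conn, name), find_user_safe(conn, name)


if __name__ == "__main__":
    print(compare("alice"))
    print(render_greeting("<b>guest</b>"))
```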
The site must have a secure backup and recovery mechanism
Any web site can suffer a hardware or software disaster that causes it to lose data. You must make regular backups of the site, with a schedule based on the site's size and update cycle, and in the event of a catastrophic accident your recovery mechanism must be able to restore the entire site in a very short time. It is important to test your backup and recovery mechanism to make sure the backed-up data is correct.
The site's error messages must be processed before they are output
Error messages often contain alarming technical details that help attackers break into your web site. You should handle error messages from the underlying program so that this debugging information is not exposed to ordinary visitors.