101 metrics for a perfect website. Part 5. Security

Website security is very important. If your website contains content that requires authorization to be accessed, it is your responsibility to protect the content. Use secure database technology to Encrypt Key data, filtering uploaded data is an important way to ensure website security. Website Security complies with the following rules:

Use secure database technology

Currently, the mainstream database technology includes ms SQL Server, Oracle, IBM DB2, MySQL, PostgreSQL, among which MySQL and PostgreSQL are open source databases, the other three databases according to different licensing methods have different prices. Considering Security, they are all very secure database technologies. We do not recommend access. First, access is a desktop database and is not suitable for enterprise websites that may face massive access volumes, second, access is a very insecure website database. If the path of your access database file is obtained, it is easy for people to download this database file and see everything in the database, including the content that requires authorization. If you choose access because it is free, you need to know that MSDE is also free.

User passwords or other confidential data must be encrypted using mature encryption technology and then stored in the database.

Using plain text to store user passwords, credit card numbers, and other data in the database is very dangerous. Even if you are using a very safe database technology, you should be very careful, any confidential data should be encrypted, so that even if your database is broken, the important confidential data is still safe.

Passwords or other confidential data must be encrypted using mature encryption technology before they can be transmitted through forms.

If your website does not use HTTPS encryption technology, all the data between your website server and the client is transmitted in plaintext, this data is easily intercepted at the vswitch and vro nodes. If you cannot deploy https, It is very effective to encrypt all the confidential data and then spread it over the network.

Passwords or other confidential data must be encrypted using mature encryption technology before being written into cookies.

Many websites write user account information to cookies so that users can log on directly at next visit. If the user account information is directly written to the cookie without encryption, the data is easily obtained by viewing the cookie file, especially when your user shares a computer with others.

Malicious processing of any data submitted by visitorsCodeCheck

Although we want to trust users, in the network, we must assume that all users are dangerous. If you do not check the data they submit, SQL injection may occur, cross-site scripting and other security issues.

The website must have a secure backup and recovery mechanism

Any website may have hardware or software disasters, leading to data loss on your website. You must regularly back up the website security based on the size and update cycle of your website, after a catastrophic accident occurs, your Backup recovery mechanism needs to recover the entire website within a short period of time. Note that you must test your Backup recovery mechanism to ensure that your backup data is correct.

Website error information must be processed before being output

Error messages often contain terrible technical details to help Hackers break your website.ProgramTo prevent debugging information and technical details from being exposed to common visitors.

 

This article is provided by comsharp CMS official site