Good Practices - Things to do to secure the site before going live
Permalink
I've got some basic concerns that I have not taken any precautions to prevent the site from being hacked.
Is there a recommended list of "Good Practices / Check list" to ensure I've covered what I should.
- biggest concern is the "Config" file showing database access and password.
- Are there other things - that you guys have learned as you have implemented (like preventing sql injection, etc).
- Is there an area on the site for this kind of list (sorry if I missed it)
I hope this is the appropriate thread to post this
- Any help / direection much appreciated - thanks in advance
Is there a recommended list of "Good Practices / Check list" to ensure I've covered what I should.
- biggest concern is the "Config" file showing database access and password.
- Are there other things - that you guys have learned as you have implemented (like preventing sql injection, etc).
- Is there an area on the site for this kind of list (sorry if I missed it)
I hope this is the appropriate thread to post this
- Any help / direection much appreciated - thanks in advance
bump
the config file should be safe, likehttp://concrete5.org/config/site.php... you can't see the values that it uses
data inputs in the core are sanitized and theres helper function to sanitize custom data
http://www.concrete5.org/documentation/how-tos/editors/security-and...
data inputs in the core are sanitized and theres helper function to sanitize custom data
http://www.concrete5.org/documentation/how-tos/editors/security-and...
Perfect - just what I was looking for.(Reassurance)
I'm good to go.
I appreciate the quick response J (Thumbs Up)
I'm good to go.
I appreciate the quick response J (Thumbs Up)
