Comments on Innovate: Designing a good security policy for your websites
(comment feed, last updated 2024-03-28)

Programmergamer, 2013-05-07 07:35 (-04:00):
Nice point. I think this will encourage more developers to implement security checks in their website without taking a performance hit.

Anonymous, 2013-05-07 07:21 (-04:00):
Right :) Also sometimes some people think that putting added security checks on their site may slow it down. For such cases they can use compression algorithms like gzip so that compressed web pages are transferred over the network (all modern browsers can decompress web pages compressed with gzip).

Programmergamer, 2013-05-07 07:15 (-04:00):
Thanks for the reply.

To expand on point 6: I would also add a salt with the hash, since MD5 and SHA-1 have been broken. As of today, SHA-2 with a salt would provide decent security.

For point 10: I would also validate any GET parameters used in PHP include statements which drive my database queries. This way I prevent SQL injection in which user input is not expected.

Thanks for adding info about New Relic.

Anonymous, 2013-05-07 07:04 (-04:00):
Nice collection of tips. If an application runs on the web, security becomes an important issue and cannot be ignored at all. I would elaborate on a few tips.

Point No 6: Some or the other encryption like SHA (one way) or MD5 (two way) must always be employed.

Point No 10: This couldn't have been put better. It is a small point, yet very important. As a general rule, if there is any input from the keyboard (virtual or physical) it must be validated for at least two things: Cross Site Scripting (XSS) and SQL Injection.

Point No 15: There is another new tool called "New Relic" which is also impressive.

Programmergamer, 2013-05-05 03:05 (-04:00):
Yup :) I enjoyed writing it.

Anonymous, 2013-05-04 09:20 (-04:00):
Nice collection of tips. Absolutely loved the way you put point no 10 :D