Richard's comment about storing password hashes rather than actual passwords has got me to thinking that there are probably several basic server activities developers should do when creating a database. Doing these things from the beginning will help avoid future headaches.
Despite a couple decades of coding experience, I have not done much with servers, so I was only able to think of a few basics, but maybe you guys could add to it, so that other LC developers can avoid these pitfalls? - Store password hashes rather than passwords, using a proven, established method of 1-way encrypting passwords. - Work on a development server rather than the production server, and copy the dev server stack over to the main stack when every thing is tested and ready for an update. - Store backups and old versions of the server stack, and server files, somewhere other than the server, so that it is easy to recover if a hacker should ransack the server or if some faulty piece of server-side code sneaks through testing. - Use indexing, with a scheme for increasing levels of indexing, to speed up server searches as the record base grows. - Regularly change admin passwords for the server, to deter hacking. If anyone has other suggestions, please add them. J -- Do all things with love _______________________________________________ use-livecode mailing list use-livecode@lists.runrev.com Please visit this url to subscribe, unsubscribe and manage your subscription preferences: http://lists.runrev.com/mailman/listinfo/use-livecode