Richard's comment about storing password hashes rather than actual
passwords has got me to thinking that there are probably several basic
server activities developers should do when creating a database. Doing
these things from the beginning will help avoid future headaches.

Despite a couple decades of coding experience, I have not done much with
servers, so I was only able to think of a few basics, but maybe you guys
could add to it, so that other LC developers can avoid these pitfalls?

- Store password hashes rather than passwords, using a proven, established
method of 1-way encrypting passwords.

- Work on a development server rather than the production server, and copy
the dev server stack over to the main stack when every thing is tested and
ready for an update.

- Store backups and old versions of the server stack, and server files,
somewhere other than the server, so that it is easy to recover if a hacker
should ransack the server or if some faulty piece of server-side code
sneaks through testing.

- Use indexing, with a scheme for increasing levels of indexing, to speed
up server searches as the record base grows.

- Regularly change admin passwords for the server, to deter hacking.

If anyone has other suggestions, please add them.


Do all things with love
use-livecode mailing list
Please visit this url to subscribe, unsubscribe and manage your subscription 

Reply via email to