
Re^3: PSGI/Plack unsatisfactory performance

by Your Mother (Archbishop)
on Dec 27, 2021 at 00:38 UTC (#11139923)

in reply to [untitled node, ID 11139919]
in thread PSGI/Plack unsatisfactory performance

That’s fantastic. If you have the time and patience, I encourage you to write up your approach in as much detail as possible to post here. Deployment stuff is possibly the hardest part—outside security—of getting web apps right and it sounds like you’re hitting on winning combinations.

by beautyfulman (Sexton) on Dec 27, 2021 at 02:03 UTC


Security is hard. And requires keeping up with the literature, as they say. I’m somewhat out of the loop at this point and there are many concerns; easy-ish first ones include–

• Only HTTPS with modern ciphers.
• Never put meaningful or replayable info in cookies.
• Never echo untrusted content to the browser.
• Never store plaintext passwords.
• Always serve all content locally or with checksums if remote.
• Only give lowest permission absolutely necessary to do anything.
• Log everything to find attacks you forgot to cover.

The gold standard for guidelines is OWASP (Open Web Application Security Project).
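Two of the items above (nothing meaningful in cookies, no untrusted content echoed raw) as a dependency-free PSGI application. This is an added example, not code from the thread or from any poster. The in-memory `%SESSIONS` store, the cookie name `sid`, the one-hour lifetime, the `name` query parameter and the use of `/dev/urandom` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed for illustration: in-memory store, cookie name "sid", one-hour lifetime.
my %SESSIONS;
my $MAX_AGE = 3600;
my %ESC = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');

# 128-bit opaque id from the kernel CSPRNG (assumes a Unix-like /dev/urandom).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    return unpack 'H*', $bytes;
}

# Escape the HTML-significant characters before echoing untrusted text.
sub escape_html {
    my ($s) = @_;
    $s =~ s/([&<>"'])/$ESC{$1}/g;
    return $s;
}

my $app = sub {
    my ($env) = @_;
    my @headers = (
        'Content-Type'              => 'text/html; charset=utf-8',
        'Strict-Transport-Security' => 'max-age=31536000',
    );

    # The cookie carries only a random id; all state stays on the server.
    my ($sid) = ($env->{HTTP_COOKIE} // '') =~ /(?:^|;\s*)sid=([0-9a-f]{32})(?:;|\z)/;
    my $session = defined $sid ? $SESSIONS{$sid} : undef;
    if (!$session || time - $session->{created} > $MAX_AGE) {
        delete $SESSIONS{$sid} if defined $sid;    # a captured id stops working after expiry
        $sid     = new_session_id();
        $session = $SESSIONS{$sid} = { created => time, visits => 0 };
        push @headers, 'Set-Cookie' => "sid=$sid; Path=/; Secure; HttpOnly; SameSite=Strict";
    }
    $session->{visits}++;

    # Decode the untrusted "name" query parameter, then escape it on output.
    my ($name) = ($env->{QUERY_STRING} // '') =~ /(?:^|&)name=([^&]*)/;
    $name = 'anonymous' unless defined $name && length $name;
    $name =~ tr/+/ /;
    $name =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    my $body = sprintf "<p>Hello, %s. Visit %d.</p>\n", escape_html($name), $session->{visits};
    return [200, \@headers, [$body]];
};

$app;    # a .psgi file returns the application code reference
```

Saved as `app.psgi`, this runs under `plackup`. Browsers only return the `Secure` cookie over HTTPS, so the visit counter advances only when the app is served behind TLS.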
