Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

by beautyfulman (Sexton)
on Dec 27, 2021 at 02:03 UTC ( [id://11139924]=note: print w/replies, xml ) Need Help??


in reply to Re^3: PSGI/Plack unsatisfactory performance
in thread PSGI/Plack unsatisfactory performance

Replies are listed 'Best First'.
Re^5: PSGI/Plack unsatisfactory performance
by Your Mother (Archbishop) on Dec 28, 2021 at 20:29 UTC

    Nice.

    Security is hard. And requires keeping up with the literature, as they say. I’m somewhat out of the loop at this point and there are many concerns; easy-ish first ones include–

    • Only HTTPS with modern ciphers.
    • Never put meaningful or replayable info in cookies.
    • Never echo untrusted content to the browser.
    • Never store plaintext passwords.
    • Always serve all content locally or with checksums if remote.
    • Only give lowest permission absolutely necessary to do anything.
    • Log everything to find attacks you forgot to cover.

    The gold standard for guidelines is OWASP (Open Web Application Security Project).

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://11139924]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (5)
As of 2024-04-24 19:08 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found