Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re^5: PSGI/Plack unsatisfactory performance

by Your Mother (Archbishop)
on Dec 28, 2021 at 20:29 UTC ( #11139993=note: print w/replies, xml ) Need Help??

in reply to [untitled node, ID 11139924]
in thread PSGI/Plack unsatisfactory performance


Security is hard. And requires keeping up with the literature, as they say. I’m somewhat out of the loop at this point and there are many concerns; easy-ish first ones include–

  • Only HTTPS with modern ciphers.
  • Never put meaningful or replayable info in cookies.
  • Never echo untrusted content to the browser.
  • Never store plaintext passwords.
  • Always serve all content locally or with checksums if remote.
  • Only give lowest permission absolutely necessary to do anything.
  • Log everything to find attacks you forgot to cover.

The gold standard for guidelines is OWASP (Open Web Application Security Project).

  • Comment on Re^5: PSGI/Plack unsatisfactory performance

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://11139993]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others drinking their drinks and smoking their pipes about the Monastery: (3)
As of 2022-05-27 00:50 GMT
Find Nodes?
    Voting Booth?
    Do you prefer to work remotely?

    Results (94 votes). Check out past polls.