LiveCode Forums

So for scenarios where shared hosting is a good fit it's reasonably safe.

Okay, then it can depend on the hosting rules too. Thanks, I'll check how much safe I can make it.

liveme wrote: ↑

Thu Feb 18, 2021 5:35 am

So for scenarios where shared hosting is a good fit it's reasonably safe.

Okay, then it can depend on the hosting rules too. Thanks, I'll check how much safe I can make it.

Do you have a hardening checklist you use?

by hardening do you mean, security good practice, if so, no I dont yet...I'm still at the very begining of making my first crud scripts working.
...,then I would go into using regex, anti sql-injections setups; etc..

I've just succeded today in writing to the DB from within an LC stack using $Post !
after severals days bumping into the dark !
Sync from the DB to the Stack are in my todo for tomorrow !
Then I should be ready to start building the whole desktop/Mobile project arround.

liveme wrote: ↑

Thu Feb 18, 2021 8:46 am

by hardening do you mean, security good practice, if so, no I dont yet...I'm still at the very begining of making my first crud scripts working.
...,then I would go into using regex, anti sql-injections setups; etc..

That seems like a good plan.

I've just succeded today in writing to the DB from within an LC stack using $Post !
after severals days bumping into the dark !
Sync from the DB to the Stack are in my todo for tomorrow !
Then I should be ready to start building the whole desktop/Mobile project arround.

Well done.

if you have any links about good practice, always welcomed !

liveme wrote: ↑

Fri Feb 19, 2021 10:16 pm

if you have any links about good practice, always welcomed !

When I was getting started with server management I made a habit of searching for things like "server security checklist" and such. Since you're using a shared host most of the nitty gritty is taken care of for you, but the things you've identified like mitigating injections and other MySQL practices make a good focus.

Also, brush up on Linux permissions if they're not already second nature to you. They affect so much, they're not that hard to learn, and they provide so much confidence with how you manage things once you get your head wrapped around them.

Every now and then I go back and run the same types of searches, and read through the various checklists I find to see what I've missed. When you start getting bored because you rarely find new suggestions you're not already doing that's the best sign, objective validation that you've already learned a lot.

Oh, here's one most checklists miss:

Remember that the computer you use to access your server is a gateway to controlling that server. Many people focus only on the server itself, and forget about its entry points. A laptop that has SSH key and passwords on it that gets stolen means the thief now also has the means to control your server and its resources.

So add personal computing safety to your ongoing reading. The safer your computer is, the safer everything it touches will be.

And a bonus: if you come across anything by Kyle Rankin, read it.

His latest book is especially good. It covers a lot of ground that won't affect you as a shared hosting user, but a lot of it will. And later on when you move to a VPS you'll be able to go back to this book to learn more.

https://www.pearson.com/us/higher-educa ... 37619.html

Thanks, so true...I think after applying each ot the collected requested receipes about Security...
... one could finally publish its own "updated" G.P. book then !