Security Tips

Anybody got any security tips? When should you use encryption, and when is using encryption useful? Also, how secure is encryption? I read a post on the forums about communicating between web apps and desktop apps.

Thanks

Use a database that encrypts the login process (obviously). Turn on encryption for the data transfer as well (MySQL does not by default). Encrypt your sensitive database fields so even if they are intercepted they are useless. Use Einhugur’s encryption since they work for desktop as well as Web Edition apps. Use a firewall on your server to block everything except what you want through. Turn off all unwanted services (Mavericks Server installs PostgreSQL by default). Turn off remote administration to the server, even put a screen saver on the login screen. Allow DNS only to the server itself or the local network (I was just hit by this). If you must use FTP (for users or admin purposes) use SFTP or FTPS as FTP sends your username and password in plain text — PureFTP is a free FTP app that supports FTPS and can even create a self-assigned certificate.

I would love the WE code to give encrypted access to MySQL so I can turn off its general access.
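
The server side of the "turn on encryption for the data transfer" tip above, as an added example that is not part of any post in this thread. It assumes MySQL 5.7.8 or later with a server certificate already configured; the account name `webapp`, the host pattern `10.0.0.%` and the schema `appdb` are placeholders.

```sql
-- Added example: require TLS for MySQL client connections.
-- Assumptions: MySQL 5.7.8+; 'webapp', '10.0.0.%' and 'appdb' are placeholders.

-- 1. Check that the server has a CA, certificate and key loaded.
--    Empty ssl_ca / ssl_cert / ssl_key values mean TLS is not configured yet.
SHOW GLOBAL VARIABLES LIKE 'ssl_%';

-- 2. Refuse unencrypted TCP connections server-wide.
--    Local Unix-socket connections are still accepted.
--    This setting is lost on restart unless it is also placed under
--    [mysqld] in the server's option file.
SET GLOBAL require_secure_transport = ON;

-- 3. Require TLS per account as well, so the rule survives even if the
--    global switch is ever turned off. Restrict the host pattern to the
--    network the application actually connects from.
CREATE USER 'webapp'@'10.0.0.%'
  IDENTIFIED BY '<replace-with-a-strong-password>'
  REQUIRE SSL;
GRANT SELECT, INSERT, UPDATE ON appdb.* TO 'webapp'@'10.0.0.%';

-- For an account that already exists:
ALTER USER 'webapp'@'10.0.0.%' REQUIRE SSL;

-- 4. Audit: list accounts that are still allowed to connect without TLS.
--    ssl_type is '' when no TLS requirement is attached to the account.
SELECT user, host, ssl_type
FROM mysql.user
WHERE ssl_type = '';

-- 5. Run from the application's own connection to confirm it is encrypted.
--    An empty Value for Ssl_cipher means the session is in plain text.
SHOW SESSION STATUS LIKE 'Ssl_cipher';
SHOW SESSION STATUS LIKE 'Ssl_version';
```

The client must also be set to connect over TLS; once step 2 or 3 is in place, a client that does not will be refused instead of silently falling back to plain text.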