Webshop, Security & CakePHP [closed]

Closed 8 years ago.
I am building a webshop for which I want to ensure the security is good, given we are handling money and other sensitive stuff. I am also relatively new to CakePHP and web programming in general and am not totally across the wonderful world of website security. I was wondering if there are people out there who would be so kind as to provide security tips and best practice for webshops in particular which are built using CakePHP? Do these posts, Cakephp Security, What makes CakePHP secure, and how can we increase it's security?, cover all the relevant security risks, or are there more things I should be thinking about specifically for a webshop?

I don't think that the post covers all of the possible security issues of your cake, but you may want to Google "Cake Exploits". If I were you, I wouldn't use CakePHP for building a robust, secure web app; actually I wouldn't use any open-source framework or app. I would build it myself!
Think about scalability and functionality of the framework too. CakePHP isn't one of the best performing out there! I'd recommend taking a look at the Yii framework. And again, when it comes to security, think about it: the security of your app comes first. Would you like to use the code of someone else when you're not 100% sure what the code does? I wouldn't!
For some more detailed information about CakePHP you may want to take a look at this detailed comment: PHP Framework or not (Cake PHP)
Good luck!

Related

Is it a bad idea to start to write a microservices NodeJS backend application in REST, then try to convert/wrap some/whole parts with gRPC or GraphQL? [closed]

Closed 3 months ago.
Is it wrong to start writing a NodeJS application using REST architecture, then try to use GraphQL or gRPC approaches in some parts, or completely rewrite some or all of the application in the future?
The reason for doing this is previous experience and coding speed in REST APIs. But on the other hand it's kind of a big microservices project and should support millions of users.
GraphQL is not going to help you scale, quite the opposite in many cases. GraphQL is an optimization (in some cases), but mostly for developer productivity, and there is a complexity cost.
Generally I would suggest steering away from this optimization unless you have a clear understanding of what you're solving for. REST is a good 'default choice' because it's well understood, requires little tooling and is pretty universal.
Once you are further into your project and you find that you have (ideally measurable) challenges, you're in a much better place to decide to use a more specialized paradigm (gRPC/GraphQL) and why, but it doesn't sound like you're there yet.

What security feature do I use to make my CF application secure? [closed]

Closed 8 years ago.
I have an application built in CF 9. As this was developed a long time ago, I am trying to implement some security features now. I only have the knowledge of using cfqueryparam to protect against SQL injection, which I have already implemented in the application code.
But what else do I use to make my application more secure?
I am using ColdFusion 9 and Oracle database.
Can anyone offer any suggestions?
It's a very broad question. But I will give you links that will get you started:
First you need to check Administering Security
Then check securing the application
Then you need to learn how to lock down the server
As you mentioned, you need to use cfqueryparam in cfquery
Also you need to use best practices while developing the application.
I guess this will make your application very secure.
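As an added illustration of the cfqueryparam point in the answer above (example code written for this page, not from the poster, Adobe or the asker's application; the datasource name shopDSN, the products table and its columns are assumed), this shows the injectable pattern beside its parameterized form, a parameterized IN list, and the one case cfqueryparam cannot cover:

```cfml
<!--- Vulnerable pattern: the request value is concatenated straight into the
      SQL text, so a crafted id changes the statement (classic SQL injection). --->
<cfquery name="getProduct" datasource="shopDSN">
    SELECT id, name, price
    FROM   products
    WHERE  id = #url.id#
</cfquery>

<!--- Hardened: cfqueryparam sends the value as a bind variable, and cfsqltype
      rejects anything that is not an integer before the query reaches Oracle. --->
<cfquery name="getProduct" datasource="shopDSN">
    SELECT id, name, price
    FROM   products
    WHERE  id = <cfqueryparam value="#url.id#" cfsqltype="cf_sql_integer">
</cfquery>

<!--- Multi-valued input: list="true" expands a comma-separated list into one
      bind variable per element, so an IN clause stays parameterized as well. --->
<cfquery name="getSelected" datasource="shopDSN">
    SELECT id, name, price
    FROM   products
    WHERE  id IN (<cfqueryparam value="#form.ids#" cfsqltype="cf_sql_integer" list="true">)
</cfquery>

<!--- Identifiers such as an ORDER BY column cannot be bound, so they must be
      checked against an allow-list of column names instead (assumed columns). --->
<cfset sortable = ["name", "price"]>
<cfset requested = structKeyExists(url, "sort") ? url.sort : "">
<cfset sortCol = arrayFind(sortable, requested) GT 0 ? requested : "name">
<cfquery name="listProducts" datasource="shopDSN">
    SELECT id, name, price
    FROM   products
    ORDER BY #sortCol#
</cfquery>
```

The last query interpolates sortCol only because it can take one of two literal values the code itself supplies, never the raw request value.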
Here is the developer security guide to make your CF applications secure. You can download the ColdFusion Developer Security Guide.
This contains all the basics of security enhancement.

What is a good way to make a classified ad website? [closed]

Closed 8 years ago.
I am undecided whether to use a Content Management System (WordPress, Drupal, Joomla) to build my own classified ads website like olx.com or craigslist.
Is it good to make it using a CMS, or should I just hard-code it on my own, assuming I have good programming skills?
The best approach is to see which achieves the most of what you want out-of-the-box, which reduces how much you have to tweak / code.
WordPress is more for a blog, so avoid that one. Joomla provides a good framework, but would require quite a lot of coding to extend.
A quick Google search says that classified ads-specific Content Management Systems do exist, e.g. http://www.opensourcecms.com/scripts/details.php?scriptid=345
Personally, I'd look into these.
WordPress can be used to create a very good classified ads website. Here's an article that shows how to create a classifieds web site using WordPress.
Talking about WordPress: it is misunderstood that WordPress can only be used for blogging. It is not true. Here's an article that shows alternative uses of WordPress other than blogging.

Hacking: how do I find security holes in my own web application? Did I do a good job securing it? [closed]

Closed 9 years ago.
Let's say I just finished (it never is, right?) writing a web application. I did my best applying what I know to prevent any security issues.
But how do I find out if what I wrote is actually secure?
Are there any (free?) tools available?
Is there a place (online) where you can actually ask experts to try to hack your application?
Your question is better suited to security.stackexchange.com
There is one already answered by many:
https://security.stackexchange.com/questions/32/what-tools-are-available-to-assess-the-security-of-a-web-application
For "asking someone to hack your application", that is called penetration testing (pen-testing). I doubt if there's any free service around. Just Google and pick your service provider.
If you are on Linux then you can use Nikto, a very good tool to find every minute hole in your website.
Just run
sudo apt-get install nikto
in your terminal.
The OWASP has a Testing Guide that you can use to test your web application. Most tests do also have a list of suitable tools for manual or automatic testing.
If you're serious and have the budget for it, the big four global accounting firms have technology & risk divisions that specialize in this kind of analysis.
Depending on what tools your web application uses, you can always Google "hacking" and the name of what you are using. If for example you are using PHP, Google "hacking php". Same with MySQL etc.
Check if your code allows for PHP/MySQL injections (for example).
Web applications are never really secure. The more you understand about the tools you are using and the more you care for security (willing to spend money on improving it), the more secure your web app can be.
But it also might not be worth the struggle.
Just Google common security issues (with the tools you're using) and try to avoid them.

Knowledge sharing discussion forum on company intranet / network drive [closed]

Closed 9 years ago.
I am investigating the feasibility of setting up a discussion forum / message board in my company to enable knowledge sharing etc.
What are the steps involved in implementing such a solution?
I would definitely recommend a wiki. We've used Mindtouch internally for a number of years and have also posted all of our documentation externally on a wiki.
The steps will depend on what technology you already have in place and what kind of shop you are. If you have SharePoint (WSS 3.0 or MOSS 2007), then you already have blog, wiki and discussion group functionality built in. Not the best in the world, but it's there.
A shop that uses more open source tools is less likely to find SharePoint compelling. ;-)
Instead of (or maybe in addition to) a discussion forum, I would recommend a wiki server. This way you can have different howtos, lists, documentation, etc. available, and the important things will tend to stay up to date. We have one in our department and it is quite useful (if only people would log in when editing...).
I was not involved in setting it up, so I cannot give any details on that, but it is based on MediaWiki.
