security-checklist.md
2 additions & 2 deletions
@@ -63,8 +63,8 @@
63
63
-[ ] If you are small and inexperienced, evaluate using AWS elasticbeanstalk or a PaaS to run your code.
64
64
-[ ] Use a decent provisioning script to create VMs in the cloud.
65
65
-[ ] Check for machines with unwanted publicly `open ports`.
66
-
-[ ] Check for no/default passwords for `databases` especially MongoDB & Redis. BTW MongoDB sucks, avoid it.
67
-
-[ ] Use SSH to access your machines; do not set up a password.
66
+
-[ ] Check for no/default passwords for `databases` especially MongoDB & Redis.
67
+
-[ ] Use SSH to access your machines; do not setup a password.
68
68
-[ ] Install updates timely to act upon zero day vulnerabilities like Heartbleed, Shellshock.
69
69
-[ ] Modify server config to use TLS 1.2 for HTTPS and disable all other schemes. (The tradeoff is good.)
70
70
-[ ] Do not leave the DEBUG mode on. In some frameworks, DEBUG mode can give access full-fledged REPL or shells or expose critical data in error messages stacktraces.
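Review bot: The added SSH item changes "set up" to "setup", which is the noun form; the verb in "do not set up a password" should stay two words. While this line is being touched, consider stating the intent directly, for example "Use SSH keys to access your machines; disable password authentication", since "do not set up a password" can be read as leaving the account with no credential at all. Dropping the "BTW MongoDB sucks, avoid it." aside from the databases item is fine and keeps that item focused on the check itself.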