Friday, August 24, 2007

Reaction to the Facebook code leakage: Protect your site!

Nik Cubrilovic, occasional writer for TechCrunch, has published a good article on source code security in response to the Facebook code leakage, which I hope none of you missed.
Short summary:
  • Use mod_security
  • Put all of your code except index.php outside of your web root
  • Change the default file type in the Apache (or whatever you use) configuration
  • Use 'Deny all' to prevent access to folders outside the web root
For more in-depth information and guidelines on how to implement these security measures, check out Nik's blog.
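As an added example (not taken from Nik's article or from this post), the Python script below audits a web root against the second point in the summary: it reports every source or configuration file under the web root other than the top-level index.php. The extension list, the function names and the sample directory layout are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumed list of extensions that usually hold server-side source or settings.
SOURCE_EXTS = {".php", ".inc", ".phtml", ".ini", ".conf", ".sql"}
# The only script the summary allows inside the web root.
ALLOWED = {"index.php"}


def audit_web_root(web_root):
    """Return sorted relative paths of files that belong outside web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            rel = os.path.relpath(os.path.join(dirpath, name), web_root)
            rel = rel.replace(os.sep, "/")
            if rel in ALLOWED:
                continue
            # Check every extension so copies such as "db.php.bak" or
            # "search.php~" are caught: the server maps no handler to them
            # and would send their contents as plain text.
            parts = name.lower().rstrip("~").split(".")
            if {"." + p for p in parts[1:]} & SOURCE_EXTS:
                findings.append(rel)
    return sorted(findings)


def demo():
    """Build a constructed sample layout in a temp dir and audit its web root."""
    layout = [
        "public/index.php",        # allowed entry point
        "public/css/site.css",     # static asset, fine
        "public/lib/db.php",       # library code inside the web root
        "public/config.inc",       # settings file inside the web root
        "public/search.php~",      # editor backup copy
        "public/admin/index.php",  # second entry point in a subfolder
        "app/lib/db.php",          # outside the web root, not scanned
    ]
    with tempfile.TemporaryDirectory() as root:
        for rel in layout:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit_web_root(os.path.join(root, "public"))


if __name__ == "__main__":
    for finding in demo():
        print("move outside web root:", finding)
```

An empty result means only index.php is left for the server to expose if PHP handling ever breaks.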
