Security in Centrifuge
Hi, if you stumbled upon this page, please note that it concerns the deprecated library management system Centrifuge. Since it is no longer in active use, the following content is probably not relevant to you and only remains for reference.
If this application is ever to make it onto the public internet, there are still a lot of security issues to confront.
SQL injection and XSS (cross-site scripting) are, in my opinion, the areas already best taken care of: variables are consistently escaped and scrubbed in nearly all places.
In the current intranet deployment there wasn't much reason to use SSL, but for a public deployment it is a definite must. I have found a nice three-line HTTP->HTTPS redirect for Apache and it is working nicely on my test machine. However, getting SSL running took some time, since Apache configuration differs so wildly across distributions. I really don't want to write ten pages of documentation for this; it should simply work for an average person (the required changes to the MySQL settings are a similar story, nowhere close to drag & drop).
Still, for the traffic any infoshop would receive, running everything over HTTPS shouldn't make a noticeable difference in performance, and it is definitely nice to keep all queries private.
I'll stick with HTTP authentication via .htaccess for now, but I'm looking for something a little nicer; I need to read more.
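The kind of redirect described above, written out as an added example for Apache 2.4 (this is not the Centrifuge project's own configuration). It assumes mod_rewrite, mod_ssl and mod_headers are enabled; the hostname library.example.org, the document root /var/www/centrifuge and the certificate paths are placeholders to be replaced.

```apache
# Added example, not from the Centrifuge project.
# Plain-HTTP virtual host: its only job is to send every request to HTTPS.
<VirtualHost *:80>
    ServerName library.example.org
    # The three-line redirect: any request that did not arrive over TLS
    # is answered with a permanent redirect to the same path on https://.
    RewriteEngine On
    RewriteCond %{HTTPS} !=on
    RewriteRule ^/?(.*) https://%{SERVER_NAME}/$1 [R=301,L]
</VirtualHost>

# TLS virtual host that actually serves the application.
<VirtualHost *:443>
    ServerName library.example.org
    DocumentRoot /var/www/centrifuge
    SSLEngine on
    # Placeholder certificate and key paths; adjust for the distribution.
    SSLCertificateFile /etc/ssl/certs/library.example.org.pem
    SSLCertificateKeyFile /etc/ssl/private/library.example.org.key
    # Browsers that have seen this header once will go straight to HTTPS
    # on later visits, so the redirect is not the only thing protecting
    # the first request (requires mod_headers).
    Header always set Strict-Transport-Security "max-age=31536000"
</VirtualHost>
```

The redirect lives in the port-80 host rather than in .htaccess so that it applies before any per-directory configuration is consulted; with it in place, the HTTP listener never serves application content, which is what keeps the queries private as described above.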
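The .htaccess-based HTTP authentication mentioned above, as an added example rather than the project's own file. It assumes the directory is covered by `AllowOverride AuthConfig` in the server configuration, that /var/www/centrifuge is a placeholder for the real document root, and that the password file was created beforehand with `htpasswd -c /etc/apache2/centrifuge.htpasswd librarian` (user name and path are placeholders).

```apache
# Added example .htaccess for the Centrifuge directory (not the project's own).
# Every request to this directory must present valid credentials.
AuthType Basic
AuthName "Centrifuge"
AuthUserFile /etc/apache2/centrifuge.htpasswd
Require valid-user
# Basic auth sends the user name and password base64-encoded, not encrypted,
# on every request. Refuse to serve the directory at all over plain HTTP so
# the credentials can only ever travel inside a TLS connection.
SSLRequireSSL
```

`SSLRequireSSL` is the check worth keeping even after the redirect to HTTPS exists: if the redirect is ever lost in a distribution's default configuration, the directory fails closed instead of silently accepting passwords in the clear.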

