Ask HN: How do you secure your preferred web or app stack?
3 points by SkyMarshal on Nov 27, 2012 | 1 comment
Most web or app frameworks are not entirely secure out of the box. Of the ones you know well and use regularly, what do you do to secure the default install/config?

First of all, run it under its own dedicated uid to minimise the damage if it does get compromised. Make it so that that uid doesn't have write access to any of the web space, including the files making up that web application. Stick a web application firewall in front of it, like mod_security for Apache. Always keep it patched and up to date, including any plugins. Make sure you follow any relevant RSS-based changelogs, blogs, mailing lists or Twitter streams etc. so you're informed of any security problems.
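The first two points in the comment above (a dedicated uid, and no write access for that uid anywhere under the web root) are easy to state and easy to get wrong after a redeploy. The script below is an added example, not code from the thread or from any project: a root-only setup function that hands ownership to a separate deploy account, and an audit function that lists every path the application's uid could still write to, so the check can be rerun from cron or CI. The account names `webapp` and `deploy`, the path `/var/www/app` and the uid/gid numbers are assumptions for the example; the audit uses POSIX `find` primaries with numeric ids so it works even where the app account does not exist on the auditing host.

```shell
#!/bin/sh
# Added example (not from the HN thread). Demonstrates: run the app under
# a dedicated uid, and verify that uid cannot write anywhere in the web root.
# Names "webapp"/"deploy" and the example paths are assumptions.

# One-off privileged setup (needs root; NOT run automatically by this script).
# Creates a login-less system account for the app, gives the web root to a
# separate deploy user, and leaves the app's group with read-only access.
# Directories keep the search bit (X) so the app can still traverse them.
setup_webroot_ownership() {
    # $1 = web root, e.g. /var/www/app ; assumes user "deploy" already exists
    useradd --system --shell /usr/sbin/nologin --home-dir /nonexistent \
        --no-create-home webapp
    chown -R deploy:webapp "$1"
    chmod -R u=rwX,g=rX,o= "$1"
}

# Print every path under $1 that the app could write to, given its numeric
# uid ($2) and primary gid ($3): owned by that uid, owned by that gid with
# the group write bit set, or world-writable. Prints nothing when clean.
# Numeric ids are accepted by POSIX find's -user/-group, so this works on a
# machine where the account is not defined.
audit_webroot() {
    find "$1" \( -user "$2" -o \( -group "$3" -perm -g+w \) -o -perm -o+w \) -print
}

# Wrapper with an exit status for cron/CI: 0 = clean, 1 = writable paths found.
webroot_is_clean() {
    findings=$(audit_webroot "$1" "$2" "$3")
    if [ -n "$findings" ]; then
        printf 'paths writable by app uid %s:\n%s\n' "$2" "$findings" >&2
        return 1
    fi
    return 0
}

# Offline demo on a constructed tree (no root needed). The "before" state
# audits against the current user's own uid, i.e. a web root that was
# deployed by the application account itself, which the comment warns against.
# The "after" state audits against an unrelated uid/gid (65534), standing in
# for what `chown -R deploy:webapp` would achieve on a real host.
demo() {
    root=$(mktemp -d)
    mkdir -p "$root/app"
    echo '<?php echo "hi";' > "$root/app/index.php"   # constructed sample file
    webroot_is_clean "$root" "$(id -u)" "$(id -g)" || echo "before: app uid owns its own code"
    chmod -R o-w "$root"                               # strip any stray world-write bits
    webroot_is_clean "$root" 65534 65534 && echo "after: clean"
    rm -rf "$root"
}

case "${1-}" in
    demo)  demo ;;
    audit) webroot_is_clean "$2" "$3" "$4" ;;   # sh harden.sh audit /var/www/app 1001 1001
esac
```

Run `sh harden.sh demo` to see the before/after on a throwaway directory, or `sh harden.sh audit /var/www/app <uid> <gid>` against a real deployment (the uid/gid come from `id webapp`). Anything the application genuinely must write (uploads, caches, sessions) belongs outside the web root entirely, so the audit can stay strict over the whole tree rather than carry an exclusion list that drifts.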

