Archive for the ‘Code’ Category

Reaction to the Facebook code leakage: Protect your site!

Friday, August 24th, 2007

Nik Cubrilovic, occasional writer for TechCrunch, has published a good article on source code security in response to the Facebook code leakage, which I hope none of you missed.
Short summary:

  • Use mod_security
  • Put all of your code except index.php outside of your web root
  • Change the default file type in the Apache (or whatever you use) configuration
  • Use ‘Deny all’ to prevent access to folders outside the web root

For more in-depth information and guidelines on how to implement these security measures, check out Nik’s blog.
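
As an added illustration (not taken from this post or from Nik’s article), here is how the web-root and ‘Deny all’ items from the summary could look in Apache 2.2 syntax. The `/srv/example` paths and the `public`/`app` folder names are placeholders.

```apache
# Constructed example; /srv/example and its subfolders are placeholder paths.
# Assumed layout:
#   /srv/example/public/index.php   <- the only PHP file inside the web root
#   /srv/example/app/               <- application code, included by index.php

# --- Weak: the whole project is the web root ---
# Every file under app/ gets a URL, so if PHP handling ever fails,
# the source is sent to the client as plain text.
#DocumentRoot "/srv/example"

# --- Corrected: only public/ is reachable over HTTP ---
DocumentRoot "/srv/example/public"

# Default deny for the entire filesystem.
<Directory />
    Options None
    AllowOverride None
    Order deny,allow
    Deny from all
</Directory>

# Open the web root, and nothing else.
<Directory "/srv/example/public">
    Order allow,deny
    Allow from all
</Directory>

# Explicit deny on the code folder, so a later Alias that maps it
# to a URL still returns 403.
<Directory "/srv/example/app">
    Order deny,allow
    Deny from all
</Directory>

# Apache 2.4 replaces Order/Deny/Allow with:
#   Require all denied     (for / and /srv/example/app)
#   Require all granted    (for /srv/example/public)
```

With this layout, index.php loads the rest of the application by filesystem path, which the HTTP access rules do not affect.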