Richard's comment about storing password hashes rather than actual
passwords has got me to thinking that there are probably several basic
server activities developers should do when creating a database. Doing
these things from the beginning will help avoid future headaches.
Despite a couple decades of coding experience, I have not done much with
servers, so I was only able to think of a few basics, but maybe you guys
could add to it, so that other LC developers can avoid these pitfalls?
- Store password hashes rather than passwords, using a proven, established
method of 1-way encrypting passwords.
- Work on a development server rather than the production server, and copy
the dev server stack over to the main stack when everything is tested and
ready for an update.
- Store backups and old versions of the server stack, and server files,
somewhere other than the server, so that it is easy to recover if a hacker
should ransack the server or if some faulty piece of server-side code
sneaks through testing.
- Use indexing, with a scheme for increasing levels of indexing, to speed
up server searches as the record base grows.
- Regularly change admin passwords for the server, to deter hacking.