14 lines
883 B
Plaintext
14 lines
883 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:
|
|
** Use``++ssh++`` as an alternative to ``++telnet++``
|
|
** Use ``++sftp++``, ``++scp++`` or ``++ftps++`` instead of ``++ftp++``
|
|
** Use ``++https++`` instead of ``++http++``
|
|
** Use ``++SMTP++`` over ``++SSL/TLS++`` or ``++SMTP++`` with ``++STARTTLS++`` instead of clear-text SMTP
|
|
* Enable encryption of cloud components communications whenever it's possible.
|
|
* Configure your application to block mixed content when rendering web pages.
|
|
* If available, enforce OS level deativation of all clear-text traffic
|
|
|
|
|
|
It is recommended to secure all transport channels (even local network) as it can take a single non secure connection to compromise an entire application or system.
|