14 lines
896 B
Plaintext
14 lines
896 B
Plaintext
== Recommended Secure Coding Practices
|
|
|
|
* Make application data transit over a secure, authenticated and encrypted protocol like TLS or SSH. Here are a few alternatives to the most common clear-text protocols:
|
|
** Use ``++ssh++`` as an alternative to ``++telnet++``.
|
|
** Use ``++sftp++``, ``++scp++``, or ``++ftps++`` instead of ``++ftp++``.
|
|
** Use ``++https++`` instead of ``++http++``.
|
|
** Use ``++SMTP++`` over ``++SSL/TLS++`` or ``++SMTP++`` with ``++STARTTLS++`` instead of clear-text SMTP.
|
|
* Enable encryption of cloud components communications whenever it is possible.
|
|
* Configure your application to block mixed content when rendering web pages.
|
|
* If available, enforce OS-level deactivation of all clear-text traffic.
|
|
|
|
|
|
It is recommended to secure all transport channels, even on local networks, as it can take a single non-secure connection to compromise an entire application or system.
|