Programming: Security
From wikinotes
Some general rules:
- security by obscurity isn't security at all
- run applications as a user with the minimum possible permissions, to limit what can be done if the application is compromised
- https://thomashunter.name/blog/password-encryption-hashing-salting-explained/ : salting/hashing/encryption in the database
- https://crackstation.net/hashing-security.htm : very detailed overview of how and why to salt/hash passwords; also describes common attack types