Changes between Version 14 and Version 15 of security

Aug 17, 2017, 3:01:36 PM (4 years ago)
Jamie McClelland



  • security

    v14 v15  
    4141=== Web sites ===
     43Web sites also cross many different security themes. Your web site may contain sensitive data that should only be scene by people with the right access. Also, your web site may track visitors, which could be  used in a lawsuit to against your allies.
     45 * If your web site address does not have a padlock next to it (and is not accessible via https) - then all traffic to and from your site is in plain text and can be watched by anyone with the legal or technical means to intercept it. If you use a username and password to login to your site - that information is also sent without encryption. At May First/People Link, you can enable encryption [wiki:/faq/security/setup-certificate with a few clicks] thanks to the [ Lets Encrypt project].
     46 * If you are using your site to organize people, and your campaign is successful, you could find yourself under criminal investigation in which [ logs of every visitor to your site are subpoenaed]. Find out how to [wiki:web_server_logs turn off logging on your site] to avoid being placed in this position.
     47 * May First/People link has an [wiki:/faq/data-backup backup system in place]. However, if downtime is critical, we encourage you to mainain [wiki:/faq/member-backup your own backup as well]. Deciding your backup strategy will require a trade-off between privacy (you don't want backup copies lying around) and reliability (you want to have the data to get your site back online at a moment's notice)
    4349=== Databases ===