Changes between Version 16 and Version 17 of security


Timestamp:
Aug 17, 2017, 3:09:10 PM (4 years ago)
Author:
Jamie McClelland
Comment:

--

  • security

    v16 v17  
    4141=== Web sites ===
    4242
    43 Web sites also cross many different security themes. Your web site may contain sensitive data that should only be scene by people with the right access. Also, your web site may track visitors, which could be  used in a lawsuit to against your allies.
     43Web sites also cross many different security themes. Your web site may contain sensitive data that should only be scene by people with the right access. Also, your web site may track visitors, which could be  used in a lawsuit to against your allies. And lastly, web sites are the most popular target of denial of service campaigns - when your political opponents try to shutdown your web site using legal or technical measures.
    4444
    4545 * If your web site address does not have a padlock next to it (and is not accessible via https) - then all traffic to and from your site is in plain text and can be watched by anyone with the legal or technical means to intercept it. If you use a username and password to login to your site - that information is also sent without encryption. At May First/People Link, you can enable encryption [wiki:/faq/security/setup-certificate with a few clicks] thanks to [https://letsencrypt.org/ Lets Encrypt].
    4646 * If you are using your site to organize people, and your campaign is successful, you could find yourself under criminal investigation in which [https://mayfirst.org/en/2017/content-statement-justice-department-demands-dreamhost/ logs of every visitor to your site are subpoenaed]. Find out how to [wiki:web_server_logs turn off logging on your site] to avoid being placed in this position.
    4747 * May First/People link has an extensive [wiki:/faq/data-backup backup system in place]. However, if downtime is critical, we encourage you to mainain [wiki:/faq/member-backup your own backup as well]. Deciding your backup strategy will require a trade-off between privacy (you don't want backup copies lying around) and reliability (you want to have the data to get your site back online at a moment's notice)
     48 * Many campaigns are shutdown right when they are gaining momentum due to legal take down notices. If you are running a campaign that involves a spoof or any content that could even just barely be considered illegal, please check in with us first so we can involve our generous pro-bono lawyers at the [https://eff.org/ Electronic Freedom Foundation]. We have a [wiki:/legal web page documenting our history fighting legal threats] - something you should expect from any organization providing digital services.
     49 * Other campaigns are shutdown due to a technical denial of service attack - when anonymous attackers flood your web site with so much data that it stops working properly. We work closely with [https://deflect.ca/ Deflect] - a DDOS protection service and have [https://mayfirst.org/en/2015/were-back-improved-and-ready-thanks-you/ extensive experience] fending off these attacks.
    4850
    4951=== Databases ===
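Review bot: The new bullet at v17 line 48 labels the https://eff.org/ link "Electronic Freedom Foundation"; the organization at that address is the Electronic Frontier Foundation, so the link text should be corrected. The rewritten line 43 is being touched anyway, so it should also fix the two errors carried over from v16: "should only be scene by" (seen) and "used in a lawsuit to against your allies" (drop "to"). "shutdown" is used as a verb in lines 43, 48 and 49 and should read "shut down". The new sentence in line 43 defines denial of service as "legal or technical measures", while line 49 uses the term only for the technical flood; consider calling the legal case a takedown in line 43 so the two bullets stay distinct. Unlike the existing bullets, which each link to a how-to, line 49 gives the reader no action to take; a short pointer on how a member asks for Deflect protection, or whom to contact during an attack, would make it as usable as the others.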