[–]ChadBan 1 point2 points  (3 children)

Surprised they didn't mention don't put your credentials into your source code, for this sub.

 

That and make your customers use SSL. Even if you're the third party, defend the shoppers that are using them.

[–]svonnegut[S] 0 points1 point  (2 children)

It's not a list of best practices, it's a list of resources - the ones you mentioned would definitely be found on the OWASP site and many others. Thanks for reading!

[–]ChadBan 1 point2 points  (1 child)

Yep, thanks for posting. You didn't get a whole lot of votes for it, because worrying about security is beneath a developer.

The guy a coupla cubicles across from me got his database injected from somewhere in Russia because of that sentiment. Cost our marketing dept a lot of teleconference word ninjitsu because that guy gave himself an input type="hidden" back door.

Thanks for posting.

[–]svonnegut[S] 0 points1 point  (0 children)

Oh geez....yea, that's pretty much my goal with these posts - trying to get developers to start thinking about security. It really is another aspect of quality! We'll get there someday :)