Server security: creating separate silos for applications & hashing passwords help
November 16, 2011 12:13 PM
Can you help me understand how to approach a couple of issues of server security? (1) I want to run things in 'silos', so that if someone from the web has hacked and has code-level access to example.com/blog they can't query the db of example.com/app. (2) If they do get access to a user database, how do I make it harder for them to figure out passwords (beyond just storing them as md5)?
posted by the mad poster! to Computers & Internet (13 answers total)
I'm thinking one thing that can be done is to actually encrypt passwords and put the shared secret in a place that can't be accessed by anything except the login code, something like that?
This would be based on Linux & Apache and most of the code for now would be PHP/MySQL. Thanks for any info!
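
One way to combine the two ideas in the question, as an added example that is not part of the original post: a per-user salted slow hash (bcrypt through PHP's `password_hash`) in place of plain md5 or reversible encryption, with the secret applied as an HMAC key kept in a file outside the database. The path `/etc/example-app/pepper.key` and all function names are assumptions made for illustration.

```php
<?php
// Added example. The pepper lives outside the database and outside the web
// root, so a dump of the users table alone is not enough to start guessing.
// PEPPER_FILE is a hypothetical path, readable only by the login code's user.
const PEPPER_FILE = '/etc/example-app/pepper.key';

function load_pepper(string $path = PEPPER_FILE): string
{
    $pepper = @file_get_contents($path);
    if ($pepper === false || strlen($pepper) < 32) {
        throw new RuntimeException('pepper missing or too short');
    }
    return $pepper;
}

// HMAC the password with the pepper before the slow hash. Base64 keeps the
// HMAC output free of NUL bytes and at 44 characters, which stays under
// bcrypt's 72-byte input limit.
function prehash(string $password, string $pepper): string
{
    return base64_encode(hash_hmac('sha256', $password, $pepper, true));
}

function hash_password(string $password, string $pepper): string
{
    // password_hash() generates a random per-user salt and stores it,
    // together with the cost, inside the returned string.
    return password_hash(prehash($password, $pepper), PASSWORD_BCRYPT, ['cost' => 12]);
}

function check_password(string $password, string $stored, string $pepper): bool
{
    return password_verify(prehash($password, $pepper), $stored);
}

// Constructed demo values; a real deployment would call load_pepper().
$pepper = random_bytes(32);
$stored = hash_password('correct horse battery staple', $pepper);

var_dump(check_password('correct horse battery staple', $stored, $pepper));
var_dump(check_password('wrong guess', $stored, $pepper));
// Same password, different pepper: what an attacker holding only the DB has.
var_dump(check_password('correct horse battery staple', $stored, random_bytes(32)));
```

Only the value returned by `hash_password()` goes into the users table; the pepper file should be owned by the account that runs the login code and unreadable to other applications on the host.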