Author Topic: Data Security (Read 655 times)

emmy · January 21, 2011, 05:05:45 am

How do I go about making sure that Memberships data is secure from hackers.

I am using an external host for my drupal site of which I have intergrated civicrm.

I would like to make absolutely sure that no users sensitive details have some form of protection.

If anyone has any ideas I would love to hear them.

Kind regards

xavier · February 10, 2011, 12:47:30 am

Hey,

The more people can see and audit the code, the more bugs and security holes can be fixed. Be sure the webserver doesn't have write access to anything else than strictly needed, choose safe passwords, enforce that you users have safe password, use ssl, harden your php on the server, run rootkit checks, audit the logs, ban IP addresses that scan ports, be sure you don't share your server with compromised or badly installed programs...

Long list, and only the tip of the iceberg. Security is hard and even big banks running financial services get hacked.

This being said and assuming you don't have the technical knowledge and time to install and run and verify

1) Be sure you update your software and follow the announcements about new versions
2) Use open source software that are widely used
3) Be damn sure your users know about never giving their password, and how to pick up a strong one, and change it

The last one is where you are more likely to get hacked through, and probably the hardest part to protect.

Good luck

X+

CiviCRM Community Forums (archive)

News:

Author Topic: Data Security (Read 655 times)

emmy

Data Security

xavier

Re: Data Security