[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Working on a security best practices document

Subject: Working on a security best practices document
From: Chris Travers <..hidden..>
Date: Wed, 27 Jan 2010 13:49:46 -0800

Hi all;

I am working on a security best practices document. I am interested in the following things:

1) Browser settings and recommendations
2) Browser plugin recommendations
3) Other general practices beyond the usual stuff (least privilege, necessary for each user, etc)

I expect this to be important for 1.3 because of major changes in how security is handled.

In general, my current recommendations are:

1) New and patched Firefox with the NoScript prugin.
2) Looking into IE8 and anti-clickjacking measures
3) Recommendations that LedgerSMB is always run over SSL, and that where appropriate SSL client certs are used as a part of 2-factor authentication.
4) Mozilla script security policies. I expect a number of these to be cooperatively developed as addons for 1.3.

Any thoughts?

Best Wishes,
Chris Travers

Follow-Ups:
- Re: Working on a security best practices document
  - From: Michael Richardson

Prev by Date: Re: Handling Employee Expenses
Next by Date: Finally it is here "LSMB Partnumber Search Patch" for AR and AP
Previous by thread: 1.2.19 release candidate released
Next by thread: Re: Working on a security best practices document
Index(es):
- Date
- Thread