[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Working on a security best practices document
- Subject: Working on a security best practices document
- From: Chris Travers <..hidden..>
- Date: Wed, 27 Jan 2010 13:49:46 -0800
I am working on a security best practices document. I am interested in the following things:
1) Browser settings and recommendations
2) Browser plugin recommendations
3) Other general practices beyond the usual stuff (least privilege, necessary for each user, etc)
I expect this to be important for 1.3 because of major changes in how security is handled.
In general, my current recommendations are:
1) New and patched Firefox with the NoScript prugin.
2) Looking into IE8 and anti-clickjacking measures
3) Recommendations that LedgerSMB is always run over SSL, and that where appropriate SSL client certs are used as a part of 2-factor authentication.
4) Mozilla script security policies. I expect a number of these to be cooperatively developed as addons for 1.3.