September 23, 2010
Shared the link Security Lessons Learned From The Diaspora Launch
Security is not easy, and building a secure open source product in front of a large crowd is even harder, especially with the kind of attention Diaspora got. This post is a must-read for anyone planning to do something similar.
One suggestion by the author on how to avoid this mess (besides writing good, secure code):
"I would have released the code that they had with the registration pages elided, forcing people to only add new users via Rake tasks or the console."
Which is exactly what we did with Onesocialweb: we disabled every means of registration in the clients, so that other people could not easily host a public node, and thus enforced some restrictions on the use of our early-stage code.
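As an added example (not code from the post, Diaspora or Onesocialweb), this is the pattern in Ruby: one hypothetical user store sits behind both the public sign-up path and an operator-only Rake task, registration is closed by default, and only the Rake/console path can create accounts; the class, task name and password-hashing parameters are assumptions.

```ruby
require "rake"
require "openssl"
require "securerandom"

# Constructed illustration: one user store behind both the public sign-up
# form and an operator-only Rake task. Registration is closed by default.
class UserStore
  RegistrationClosed = Class.new(StandardError)
  attr_reader :users
  attr_accessor :registration_open
  def initialize
    @users = {}
    @registration_open = false  # nobody stands up a public node by accident
  end
  # Reached from the web sign-up form; refuses unless explicitly opened.
  def signup(email, password)
    raise RegistrationClosed, "public registration is disabled" unless registration_open
    create_user(email, password)
  end
  # Reached only from a Rake task or the console, never from the web layer.
  def create_user(email, password)
    raise ArgumentError, "user exists: #{email}" if users.key?(email)
    salt = SecureRandom.random_bytes(16)
    users[email] = { salt: salt, digest: pbkdf2(password, salt) }
    email
  end
  def authenticate?(email, password)
    rec = users[email] or return false
    candidate = pbkdf2(password, rec[:salt])
    # constant-time comparison of two equal-length digests
    candidate.bytes.zip(rec[:digest].bytes).map { |a, b| a ^ b }.reduce(0, :|).zero?
  end
  def pbkdf2(password, salt)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, 100_000, 32, "sha256")
  end
end

STORE = UserStore.new

# Equivalent of lib/tasks/users.rake: `rake users:create[admin@example.org,pw]`
extend Rake::DSL
namespace :users do
  task :create, [:email, :password] do |_t, args|
    STORE.create_user(args[:email], args[:password])
  end
end

# Runs the task the way an operator would from the shell; true if the user exists.
def provision_via_rake(email, password)
  Rake::Task["users:create"].reenable
  Rake::Task["users:create"].invoke(email, password)
  STORE.users.key?(email)
end
```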