I made a suggestion to Alpha to add a "security lockdown" option to their publishing process. I wanted to run the idea past the message board and see if you think it is a good idea or not.
Background: when you in the process of creating a web application you need to publish web security files from your desktop to your server. As soon as you publish these files to your server, you have two sets of security files, one on your desktop, and one on the server.
As soon as your web application goes live and the first user adds themselves to your online application, your server security files are DIFFERENT than your desktop files. Your server files are "live" in that they contain the most current list of users. Your desktop copy is "stale".
If you were to publish your desktop security files to the server, accidently or on purpose, it would overwrite your "live" files, effectively deleting all of your users, or any users since your last backup, if you have one. All of them would have to re-register.
Its very easy to overwrite your security files, just check the box that says Publish Web Security Data tables - a mistake you ARE going to make someday.
Note - do make a daily backup of your online websecurity*.* files and your own users table. I use Cobain Backup 9 for all of my backup needs, see my website under Utilities.
Anyway, I suggested Alpha add a "Lockdown" check box deep in the View > Settings area that, if checked, would prohibit publishing of any user-related security files and any tables you identified, like your local users table. A typical application would spend years in this lockdown condition.
So is this Lockdown a good idea?
Background: when you in the process of creating a web application you need to publish web security files from your desktop to your server. As soon as you publish these files to your server, you have two sets of security files, one on your desktop, and one on the server.
As soon as your web application goes live and the first user adds themselves to your online application, your server security files are DIFFERENT than your desktop files. Your server files are "live" in that they contain the most current list of users. Your desktop copy is "stale".
If you were to publish your desktop security files to the server, accidently or on purpose, it would overwrite your "live" files, effectively deleting all of your users, or any users since your last backup, if you have one. All of them would have to re-register.
Its very easy to overwrite your security files, just check the box that says Publish Web Security Data tables - a mistake you ARE going to make someday.
Note - do make a daily backup of your online websecurity*.* files and your own users table. I use Cobain Backup 9 for all of my backup needs, see my website under Utilities.
Anyway, I suggested Alpha add a "Lockdown" check box deep in the View > Settings area that, if checked, would prohibit publishing of any user-related security files and any tables you identified, like your local users table. A typical application would spend years in this lockdown condition.
So is this Lockdown a good idea?
Comment