
I have developed a website. On the one hand, I want people to know about my website, so I want to make it open to public access; on the other hand, I fear that my website is not secure enough and that some hackers may crack it. Besides, I have not created a formal "Terms of Service". How can I deal with this issue?


2 Answers

Considering there's no information about your website, you've made this particularly hard to answer.

First, you can create a rough draft of your Terms of Service by copying and modifying from some other site similar to your own that has a public TOS.

Second, before your site can get hacked, a hacker has to:

  1. Find your site
  2. Decide it's worth hacking

Now, without knowing what your site is, it makes it difficult to determine whether your site is worth hacking. Some things you should make sure you're doing are encrypting all sensitive data (if you're using PHP, salt and hash the data using the built-in MD5 function).

For more things to consider, look at this question on Stack Overflow and the first answer.

Not true that your site has to be interesting to be hacked. Lots of script kiddies hit arbitrary sites looking for jumping-off points for serious hacking. – Jason Jan 11 '10 at 20:30
Fair enough, but even so, not every site is worth hacking even as a jumping off point. But, given that some people will use a randomly selected site as testing grounds, the bar may not be very high. – Elie Jan 11 '10 at 20:33

Here is a great start for your terms of service: [Automattic, the team behind WordPress, has placed][1] theirs under an acceptable license.

As for security, let's go over a few basics:

 1. Do you store credit card info? If you do, do not pass go and do not collect $200; find a different way. Very few companies are capable of properly storing credit card info.
 2. Do you have users' passwords in plaintext in your DB? If you do, MD5 or better is your friend; use it.
 3. Does the site run on a server that has a firewall installed?
 4. If it is a VPS, physical server, etc., are all ports except 80 and possibly 443 blocked?
 5. In your coding, did you use parameterized queries? If not, fix that code.
 6. In your coding, do you sanitize everything passed to you from the web and HTML encode anything that the user might have entered that gets displayed in the HTML? If not, fix it.
 7. Are the passwords for admin logins relatively secure? If not, fix it.

If you've got the bases above covered, you are better than a good portion of the web.  

Those are the most basic steps for determining if your site is ready to go up security-wise.

    [1]: http://en.wordpress.com/tos/
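
An added example, not part of either answer above: items 2, 5 and 6 of the checklist in Python with an in-memory SQLite database. The table layout, function names, and sample account are assumptions made for illustration, and PBKDF2-HMAC-SHA256 stands in for the "or better" option on password hashing.

```python
import hashlib
import hmac
import html
import os
import sqlite3

ITERATIONS = 600_000  # assumed work factor for this example


def hash_password(password, salt=None):
    # Item 2: keep a random per-user salt plus a slow salted hash, never the plaintext.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def create_user(db, name, password):
    salt, digest = hash_password(password)
    # Item 5: "?" placeholders keep user input out of the SQL text.
    db.execute("INSERT INTO users (name, salt, pw_hash) VALUES (?, ?, ?)",
               (name, salt, digest))


def check_login(db, name, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE name = ?",
                     (name,)).fetchone()
    if row is None:
        return False
    _, digest = hash_password(password, row[0])
    return hmac.compare_digest(digest, row[1])  # constant-time comparison


def render_greeting(name):
    # Item 6: HTML-encode anything user-supplied before it reaches the page.
    return "<p>Hello, " + html.escape(name) + "</p>"


def demo():
    # Constructed sample data: one hypothetical account in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    create_user(db, "alice", "correct horse battery staple")
    return db


if __name__ == "__main__":
    db = demo()
    print(check_login(db, "alice", "correct horse battery staple"))
    print(check_login(db, "alice' OR '1'='1", "x"))
    print(render_greeting("<script>alert(1)</script>"))
```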
