Ask HN: Paranoid about security/reliability of my SaaS product?
I'm a self-taught developer and designer. I used to do freelance PHP work for smallish sites and never worried too much about this as I know the basics.
I've been playing with Django for a few months now and finally have 'the' SaaS idea I've been waiting for.
I'm working on the prototype right now but the problem is I'm afraid I'm not capable enough to carry this through reliably.
Some things I've been thinking:
- Are there security holes in the site?
- Am I storing/escaping all data correctly?
- Could I accidentally do something wrong with a database table?
- Is the server configured correctly?
Using Djano has alleviated this problem a lot because of it's built-in security (can't believe I used to use pure PHP!) but I'm still worried.
I know reading up more on Django/Python security, keeping database backups, studying server config., forming an LLC so I can't be financially destroyed by unhappy users, etc. will alleviate this further but I was hoping to hear if fellow HN'ers had similar issues.
I know there are countless sites with next to no security, but I believe if users are paying money for a product the least you can do is keep their data safe.
Would really appreciate some advice. Thanks!
2 comments
[ 4.8 ms ] story [ 19.5 ms ] threadActually, pure PHP (I assume by "pure" you mean "with no framework") is the safest of all, providing that the programmer is experienced. Hackers target known vulnerabilities in popular frameworks/CMSes/etc., so with a homemade mini-framework built by an experienced programmer you're better off security-wise than with a popular framework.
My point is not that you shouldn't use a framework. I personally love Django and two or three PHP frameworks. I just wanted to add a little perspective to the discussion of "pure PHP".