Good Practices - Things to do to secure the site before going live

Permalink
I've got some basic concerns that I have not taken any precautions to prevent the site from being hacked.

Is there a recommended list of "Good Practices / Check list" to ensure I've covered what I should.
- biggest concern is the "Config" file showing database access and password.
- Are there other things - that you guys have learned as you have implemented (like preventing sql injection, etc).
- Is there an area on the site for this kind of list (sorry if I missed it)
I hope this is the appropriate thread to post this

- Any help / direection much appreciated - thanks in advance

HOBOcs
View Replies: View Best Answer
HOBOcs replied on at Permalink Reply
HOBOcs
bump
12345j replied on at Permalink Best Answer Reply
12345j
the config file should be safe, likehttp://concrete5.org/config/site.php... you can't see the values that it uses
data inputs in the core are sanitized and theres helper function to sanitize custom data
http://www.concrete5.org/documentation/how-tos/editors/security-and...
HOBOcs replied on at Permalink Reply
HOBOcs
Perfect - just what I was looking for.(Reassurance)
I'm good to go.
I appreciate the quick response J (Thumbs Up)