Good Practices - Things to do to secure the site before going live

I've got some basic concerns that I have not taken any precautions to prevent the site from being hacked.

Is there a recommended list of "Good Practices / Check list" to ensure I've covered what I should?
- Biggest concern is the "Config" file showing database access and password.
- Are there other things that you guys have learned as you have implemented (like preventing SQL injection, etc.)?
- Is there an area on the site for this kind of list? (Sorry if I missed it.)
I hope this is the appropriate thread to post this.

- Any help / direction much appreciated - thanks in advance

HOBOcs replied:
12345j replied (Best Answer):
The config file should be safe, like you can't see the values that it uses.
Data inputs in the core are sanitized and there's a helper function to sanitize custom data.
HOBOcs replied:
Perfect - just what I was looking for. (Reassurance)
I'm good to go.
I appreciate the quick response J (Thumbs Up)