11-28-2017, 02:45 PM
I am not an expert on site security - it would appear that as soon as one security hole is plugged another will appear. Hackers can be extremely resourceful and the best one can do is make life as difficult as possible for the hacker without making your application unusable.
As with password choices, security headers could be offered as an option for users to make. A basic set of secure headers could be recommended for all users with others as an option. Much would depend upon what type of application each user is developing.
http://searchsecurity.techtarget.com/ans...a-security offers some advice on cache control.
Perhaps a suck-and-see approach is the best option when you do not know how UserSpice is going to be used by a user. Offer a list of headers for selection/deselection on the understanding that if selected and everything still works, then one more potential security hole has been blocked.
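A sketch of the selectable-header idea from the post above, added as an example; it is not part of the original post and not UserSpice code. The catalogue keys, the function name and the choice of which headers count as baseline or optional are all assumptions.

```php
<?php
// Added illustration; not UserSpice code. Keys, function names and the
// header selection below are assumptions made for this example.
// Each entry: [header name, value, part of the recommended baseline?]
const HEADER_CATALOGUE = [
    'nosniff'  => ['X-Content-Type-Options', 'nosniff', true],
    'frame'    => ['X-Frame-Options', 'SAMEORIGIN', true],
    'referrer' => ['Referrer-Policy', 'strict-origin-when-cross-origin', true],
    // Optional: these are the ones most likely to break a given application.
    'hsts'     => ['Strict-Transport-Security', 'max-age=31536000', false],
    'nocache'  => ['Cache-Control', 'no-store', false],
    'csp'      => ['Content-Security-Policy', "default-src 'self'", false],
];

/**
 * Merge the site owner's choices over the baseline defaults.
 * $choices maps catalogue keys to true/false; unknown keys are ignored,
 * so a stale or tampered settings row cannot inject arbitrary headers.
 */
function resolveSecurityHeaders(array $choices, bool $isHttps): array
{
    $headers = [];
    foreach (HEADER_CATALOGUE as $key => [$name, $value, $baseline]) {
        $enabled = array_key_exists($key, $choices) ? (bool) $choices[$key] : $baseline;
        if (!$enabled) {
            continue;
        }
        // Browsers ignore HSTS received over plain HTTP, so do not send it there.
        if ($key === 'hsts' && !$isHttps) {
            continue;
        }
        $headers[$name] = $value;
    }
    return $headers;
}

// Constructed sample: the owner turned framing protection off (the app is
// embedded elsewhere) and opted in to no-store caching and HSTS.
$choices = ['frame' => false, 'nocache' => true, 'hsts' => true, 'bogus' => true];
$isHttps = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

foreach (resolveSecurityHeaders($choices, $isHttps) as $name => $value) {
    if (PHP_SAPI === 'cli') {
        echo "$name: $value\n";   // show the result when run from the command line
    } else {
        header("$name: $value");  // must run before any page output
    }
}
```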