MDDB Security

The Morris Dance Database is an ongoing project and will always be subject to updates and additions as teams come and go and their repertoires change. To allow timely updates, various individuals can log in to update information relating to their own interests (e.g. teams or morris organisations)

Naturally there may be some security concerns, and I've tried to address them here.

Backups

All sites on my hosting are backed up daily to local storage from which retrieval is quick and simple. Identical backups are also made to an offsite backup server (not even in the UK). Both backup schemes currently retain the last 10 daily backups, 4 weekly backups and 6 monthly backups.

Password Encryption

Password security uses current recommended best practice; in particular strong encryption is used, passwords are never sent by email and dictionary words or known common passwords are not accepted.

Link Encryption With SSL

All connections to the web site are though an https: URL, which means that all data passing to or from the site (including but not limited to passwords) is encrypted and cannot be read or modified e.g. by intercepting an unsecured WiFi network.

Online Testing

The server and site have been checked with the free online site security checker at SSL Labs with an A+ rating.

SQL injection attacks and Hacking

SQL injection used to be a very common method for hacking sites that use obsolete database access code. MDDB exclusively uses methods which are immune to such attacks.

Several precautions are taken to prevent cross-site script (XSS) attacks, i.e. to make sure that data which will later be displayed on a page is filtered so that it cannot contain undesirable HTML markup or Javascript code that could be executed invisibly on web browsers.

Availability

As of June 2019, my main hosting is provided by Bitfolk, a small and highly competent provider based in London Telehouse North that specialises in good value hosting for experienced users. The server has duplicated file storage, preventing data loss on single disc failure. (actually SSD: nobody uses real disks for live web sites any more.)

Anahata
Webmaster
Treewind Hosting
19 February, 2018
Updated 25 November, 2019