MDDB Security

The Morris Dance Database is an ongoing project and will always be subject to updates and additions as teams come and go and their repertoires change. To allow timely updates, various individuals can log in to update information relating to their own interests (e.g. teams or morris organisations)

Naturally there may be some security concerns, and I've tried to address them here.

Backups

All sites on my hosting are backed up daily. Daily backups are kept for up to 6 weeks. Backups are also copied daily to offsite hosting from a different provider outside the UK.

Password Encryption

Password security uses current recommended best practice; in particular strong encryption is used and passwords are never sent by email.

Link Encryption With SSL

All connections to the web site are though an https: URL, which means that all data passing to or from the site (including but not limited to passwords) is encrypted and cannot be read or modified e.g. by intercepting an unsecured WiFi network.

SQL injection attacks and Hacking

SQL injection is a very common method for hacking sites that use obsolete database access code. MDDB exclusively uses methods which are immune to such attacks.

The site uses no Javascript, so cross-site scripting attacks are not possible, and any HTML markup entered in a text field (which could include malicious scripts) is rendered on the page as visible code so it cannot be executed by browsers.

Availability

My hosting is provided by Bytemark, who have multiple data centres and points of presence around the UK. My server has duplicated file storage, preventing data loss on single disc failure. Storage, processing and memory can be migrated seamlessly to new hardware whenever necessary, with no loss of service.

Anahata
Webmaster
Treewind Hosting
19 February, 2018
Updated 13 September, 2018