16 lines
1.0 KiB
Markdown
16 lines
1.0 KiB
Markdown
|
Security
|
||
|
--------
|
||
|
---
|
||
|
This section could use some updates. Consider [contributing](https://github.com/donnemartin/system-design-primer#contributing) !
|
||
|
|
||
|
Security is a broad topic. Unless you have considerable experience, a security background, or are applying for a position that requires knowledge of security, you probably won't need to know more than the basics:
|
||
|
|
||
|
- Encrypt in transit and at rest.
|
||
|
- Sanitize all user inputs or any input parameters exposed to user to prevent [XSS](https://en.wikipedia.org/wiki/Cross-site_scripting) and [SQL injection](https://en.wikipedia.org/wiki/SQL_injection) .
|
||
|
- Use parameterized queries to prevent SQL injection.
|
||
|
- Use the principle of [least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege) .
|
||
|
|
||
|
### [](https://github.com/donnemartin/system-design-primer#sources-and-further-reading-12) Source(s) and further reading
|
||
|
|
||
|
- [Security guide for developers](https://github.com/FallibleInc/security-guide-for-developers)
|
||
|
- [OWASP top ten](https://www.owasp.org/index.php/OWASP_Top_Ten_Cheat_Sheet)
|