I'm getting ready to deploy a website and wanted a second opinion on the security. I have a database containing hashed passwords with correlating usernames to log in with. On top of that, I'm using a Google Cloud instance that can only be accessed over a certain IP range (CIDR range) and specific IPs such as employees' home IPs.

Currently, the website can pull files to manipulate the data. It can also upload data to the database, but all these connections are refused outside of the whitelisted IPs. Should this be enough security for me not to worry?

schroeder
  • Worry about what? – schroeder Sep 23 '22 at 23:25
  • The question is very broad. It is not clear what risks you consider. It is not clear if you have addressed any other security problems. I'd suggest you start from checking the [OWASP Top 10](https://owasp.org/www-project-top-ten/). – mentallurg Sep 23 '22 at 23:28
  • Security is never enough. For example: did you hash passwords with salts, or did you use PBKDF2? Database backups? XSS, CSRF, countless bugs in all the software you use from the OS to frameworks, the web app, misconfiguration, DDoS, social engineering attacks, malware against trusted hosts/employees... it's a countless list. You may never not worry. – gapsf Sep 24 '22 at 06:51
  • Try adding Cloudflare to the website; it is free for 10 years! – Bryro Sep 24 '22 at 07:21
  • There are not enough details. But I assume the current IP address whitelisting applies to **web** access. What about other services running on the server, like SSH? Are they restricted in the same fashion? – Kate Sep 24 '22 at 15:53

0 Answers