Merge pull request cakephp#208 from Ivoz/patch-2

Added a mention of common things to secure with your app before deploying to the wild.
vitorpacheco · Mar 6, 2012 · 972ff62 · 972ff62
2 parents b564f8c + 7d64bc6
commit 972ff62
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/en/deployment.rst b/en/deployment.rst
@@ -4,6 +4,17 @@ Deployment
 Once your application is complete, or even before that you'll want to deploy it.
 There are a few things you should do when deploying a CakePHP application.
 
+Check your security
+===================
+
+If you're throwing your application out into the wild, it's a good idea to make
+sure it doesn't have any leaks. Check the :doc:`/core-libraries/components/security-component` to guard against
+CSRF attacks, form field tampering, and others. Doing :doc:`/models/data-validation`, and/or 
+:doc:`/core-utility-libraries/sanitize` is also a great idea, for protecting your
+database and also against XSS attacks. Check that only your `webroot` directory 
+should be publicly visible, and that your secrets (such as your app salt, and
+any security keys) are private and unique as well!
+
 Set document root
 =================