1.3 Security

Security is absolutely crucial. There are a lot of folks on the Internet who want to crack into your computer. It is in your best interest and everyone else's that you do all you can to deny them this bizarre satisfaction. Cracking is a time-honored culture (perhaps "honored" is not the right word); it should be more of a time-honored tradition to make it difficult. However, this is not a book on securing your computer; it is a book on Open Source web development. We discuss security issues when appropriate, and highly recommend (for obvious reasons) Hacking Linux Exposed (www.hackinglinuxexposed.com [Hatch+ 02]) as a good reference. Also, check out the Linux Security HOWTO at www.linuxdoc.org/HOWTO/Security-HOWTO.html; this is a must-read for securing your Linux box.

Security is a process, not a step. ^[5] Every time you write a program, install software, or change a password, security should be foremost in your mind.

^[5] See Secrets and Lies: Digital Security in a Networked World [Schneier 00]. A must-read, not for what it says about how to secure your computer, but how to think about security in general. It points out many of the fallacies common in most half-baked security measures taken today, and just how difficult it is to be secure.