[eluser]jcjc[/eluser]
I'm building a web app that will include a payment gateway delivered by stripe and need to check if theres anything I've forgot to include to make it secure. So far I've done the following:
Encryption key has been set
Enabled global XSS filtering
Sha1 and salted passwords
Cookies stored via database
Token names and session data encrypted
All queries are active record
All input fields are validated before database is queried.
Admin passwords to access key areas, mysql db's are strong
User input is separated into it's own model.
Output results are cached
Have I missed anything.
Thanks
