I'm a hobby developer working on a web panel for one of my mods, and I want to make sure it's secure. I've set up a command queue API that's locked down, with all actions being audited. It operates on a per-server secret and uses HTTP for communication. Notably, there's no public access since it runs on a server-to-server trust model. All actions are controlled by the mod on the server side, and the panel just sends requests. What should I keep in mind to enhance the security further?
2 Answers
Just to clarify, you mention there’s no public access, but does that mean users can’t log in to the panel at all? For an added layer of security, ensure that your connections between the server and the panel are secure and authenticated.
You should definitely switch to HTTPS instead of plain HTTP. It's more secure and prevents eavesdropping on your data. Even if you're using a self-signed certificate, it can still provide a good level of protection for your use case.
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically