We try to make our site as secure as we can—we want to protect both your privacy and our business.

  • We do not store your password directly—instead we apply something called a “one-way salted hash function.” In the unlikely event our database is compromised, it should be impossible in practice to recover any passwords from it. For those who are curious, we use bcrypt with a cost factor of 10.
  • We do not store credit card data in our systems, nor does credit card data pass through them. Instead, your details are sent directly from your browser to our highly secure payment gateway (Braintree Payment Solutions).
  • Our credit card processing is PCI compliant.
  • We work closely with a Rails core-team member who keeps us up to date with security fixes and helps keep our infrastructure current and safe.
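The first point above describes the three things a password store needs: a random per-user salt, a tunable cost factor kept alongside the hash, and a verify step that never recovers the password. The Ruby below is an added illustration and is not pragprog.com's code; because the bcrypt gem is not part of Ruby's standard library, it substitutes PBKDF2-HMAC-SHA256 from OpenSSL for bcrypt (the cost is an iteration count here rather than bcrypt's power-of-two work factor), and the module and method names are invented for the example.

```ruby
require 'openssl'
require 'securerandom'

# Added example, not the site's own code. Hypothetical module that stores a
# password as "pbkdf2-sha256$<iterations>$<salt_hex>$<hash_hex>", so the salt
# and the cost factor travel with the hash, just as they do inside a bcrypt
# string such as "$2a$10$...".
module PasswordStore
  DEFAULT_ITERATIONS = 100_000 # cost factor; raise it as hardware gets faster
  SALT_BYTES = 16              # fresh random salt per stored password
  KEY_BYTES  = 32              # length of the derived hash

  # One-way: returns an encoded hash from which the password cannot be recovered.
  def self.hash_password(password, iterations: DEFAULT_ITERATIONS)
    salt = SecureRandom.random_bytes(SALT_BYTES)
    key  = derive(password, salt, iterations)
    ['pbkdf2-sha256', iterations, salt.unpack1('H*'), key.unpack1('H*')].join('$')
  end

  # Re-derives the hash with the stored salt and cost, then compares in constant time.
  def self.verify(password, stored)
    algo, iterations, salt_hex, hash_hex = stored.to_s.split('$', 4)
    return false unless algo == 'pbkdf2-sha256' && iterations && salt_hex && hash_hex

    salt      = [salt_hex].pack('H*')
    expected  = [hash_hex].pack('H*')
    candidate = derive(password, salt, Integer(iterations))
    constant_time_equal?(candidate, expected)
  rescue ArgumentError
    false # malformed iteration count or hex
  end

  # True when a stored hash was made with a lower cost than the current policy,
  # so it can be upgraded transparently at the user's next successful login.
  def self.needs_rehash?(stored, iterations: DEFAULT_ITERATIONS)
    stored.to_s.split('$', 4)[1].to_i < iterations
  end

  def self.derive(password, salt, iterations)
    OpenSSL::PKCS5.pbkdf2_hmac(password, salt, iterations, KEY_BYTES,
                               OpenSSL::Digest.new('SHA256'))
  end
  private_class_method :derive

  # Byte-by-byte XOR accumulation so the comparison time does not depend on
  # where the first mismatch occurs.
  def self.constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    diff = 0
    a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
    diff.zero?
  end
end

if __FILE__ == $0
  stored = PasswordStore.hash_password('correct horse battery staple')
  puts stored
  puts "verify ok:      #{PasswordStore.verify('correct horse battery staple', stored)}"
  puts "wrong password: #{PasswordStore.verify('Correct horse battery staple', stored)}"
end
```

Two hashes of the same password differ because each gets its own salt, which is what defeats precomputed tables; the `needs_rehash?` check is how a site raises its cost factor over time without forcing a password reset.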

We’d Appreciate Your Help!

We encourage anyone who finds a potential security problem in our site to contact us. We’ll respond as soon as we receive the report. We’d love to acknowledge your contribution below.

email: security@pragprog.com
  (feel free to encrypt your report with our PGP public key)

phone: +1 214 233 6543 (GMT-6)

Security Hall of Fame

Thanks to the following security researchers who helped us fix some potential vulnerabilities.

2013

  • Sudhanshu Chauhan
  • Nutan Kumar Panda
  • Ali Hasan Ghauri
  • Muhammad Shahmeer
  • Arvind Singh Shekhawat
  • Adam Ziaja
  • Yasir Altaf Zargar

2014

  • Muhammad Talha Khan
  • your name here?