Hi,
How reliable is Heroku for a sensitive app? Can they be trusted for a very important app? Have you used it for a long time? What's your opinion?
Thanks
+4
A:
Heroku provides information about security policy in its legal section. According to the security documents, it seems to have a really reliable infrastructure and I have been using it for 1 year without any issue. I also didn't heard about noticeable security flow in its system.
Some technical restrictions, such as the read-only file-system, can be a hassle at first glance but increases the security of the platform.
It is indeed much more secure than many other VPS providers and, unless you can benefit of a team of sysadm and security expert, you can probably trust them more than how you can trust your infrastructure.
A good infrastructure doesn't meen bullet-proof software. Your first priority should be to make sure your software won't include any security flow. Stress your software, use unit and integrational tests to make sure your software is stable and you are not including any regression.
Simone Carletti
2010-09-21 08:52:50