Ways to secure website


cobacamat
01-04-2005, 12:39 AM
Hi all,
Is there anyone here who can list ways to secure a website? I mean, do we have to do something besides the protection built into the code to secure our site? Thanks ;)

number7
01-04-2005, 03:25 AM
There are many ways to secure a website, and there are also many ways to hack it.

I suppose using layered security gives the best results:
- Check and validate all variables the user submits to your website.
o If it must be a number, check if it's really a number.
o If it must be an e-mail, check if it is.
o and so on...
- Check not only form submissions but also IDs and SIDs you send to your website's server. Validate all data you receive before use.
- Use HTTPS for secure transactions and sensitive information submission.
- Use non-standard filenames, for example use .edo34rdfdf instead of .httpwd
- Use mod_rewrite to hide your real script type.
- Make sure all your website directories have correct permissions.
- Avoid using JScript for data validation.
- Monitor your website traffic activity for possible attacks, especially at weak points.
- Set error_reporting(0) for all files in PHP while not in debug mode.
- Use complex database names and passwords.

That's maybe all I can suggest for now. I'll post some more when they come to mind.

dreamcatcher
01-04-2005, 01:34 PM
If you are storing passwords in a database, use some form of encryption. Send out a validation link if someone joins so that the person has to verify his/her e-mail address and if they change their address, force them to do so again.

For usernames, stick to alphanumeric for security. Like number7 mentioned, test to make sure that what they have entered IS what it should be. Same goes for passwords.

Javascript checking is ok, but always do server side checking as well. Assume that older browsers may not render the javascript properly.

Use mysql_escape_string when storing stuff in your database to prevent SQL injection attacks. Don't allow your visitors to post any kind of tags; strip them from the code.

If using query string, make sure that you check that the query string is what it should be to prevent anyone altering the URL. Redirect them to a page with a warning.

Set cookies so that you can prevent multiple sign ups from the same IP. This can also be useful if you want to ban members.

Make sure that forms being submitted are being submitted on your server. Prevents anyone from copying the code and altering it.

dc
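The server-side validation and SQL-injection advice from number7's and dreamcatcher's posts, worked through as an added Python example that is not from the thread. The in-memory sqlite table and its two rows are constructed for the demo, and a bound parameter takes the place of the mysql_escape_string call the thread recommends, since it removes the need to escape at all.

```python
import html
import re
import sqlite3

# Validators for the input types the thread lists: numeric IDs from the
# query string, e-mail addresses and alphanumeric usernames. Each returns
# the cleaned value or None, so the caller must handle rejection explicitly.
ID_RE = re.compile(r"[1-9][0-9]*")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")
USERNAME_RE = re.compile(r"[A-Za-z0-9]{3,20}")

def validate_id(raw):
    """A record ID must be a plain positive integer and nothing else."""
    return int(raw) if isinstance(raw, str) and ID_RE.fullmatch(raw) else None

def validate_email(raw):
    """Accept only something shaped like user@host.tld (hypothetical rule)."""
    return raw if isinstance(raw, str) and EMAIL_RE.fullmatch(raw) else None

def validate_username(raw):
    """Alphanumeric only, 3 to 20 characters, as dreamcatcher suggests."""
    return raw if isinstance(raw, str) and USERNAME_RE.fullmatch(raw) else None

def escape_for_page(raw):
    """Neutralise any tags in user-posted text before echoing it into HTML."""
    return html.escape(raw, quote=True)

def make_db():
    """Constructed in-memory table standing in for the site's user table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users (name, email) VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def find_user_unsafe(conn, name):
    """Vulnerable lookup: the raw value is glued into the SQL text."""
    return conn.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def find_user_safe(conn, name):
    """Hardened lookup: the value is bound as a parameter, never parsed as SQL."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
```

Running the validators first means a value like `x' OR '1'='1` never reaches the database at all; the safe lookup shows that even if it did, binding keeps it inert.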