Here's some little-known info that should be common knowledge, to help out.
First one isn't really helpful, I just had to say it: Hackers make things, it's crackers that break things (or break into them).
Second one is slightly more helpful: These naughty cracker-type folks (the ones that know what they're doing anyway) tend not to use the code you write to break into servers directly as much as they use it as a means to reach a potential vulnerability already in the host machine.
For example, say you had an installation of some kind of mail server software on your host machine that had a security flaw of some type. If your page was for letting people send emails to you by typing it in on the page and clicking send or whatever, then they might use your page as a means of transporting their malicious code into the mail server software to invoke the vulnerability. It wouldn't have been your code that you wrote for the email page, but rather the email software itself that would have had the insecure code.
Your main priority in keeping things as secure as you can should be to ensure that all the software on your host machine is as up to date (and mature) as possible. Sadly, unless you're maintaining the machine yourself, this probably isn't going to happen. I don't think I've ever seen a hosting provider keep everything that matters up to date.
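
An added example, not part of the original post: one way a contact-form handler can narrow what it passes on to the mail software, complementing the patching advice above. The function names, limits and `example.org` addresses are assumptions made for this sketch.

```python
import re
import unicodedata
from email.message import EmailMessage

# Assumed limits and addresses for this sketch; adjust for your own form.
MAX_HEADER_LEN = 200
MAX_BODY_LEN = 10_000
SITE_SENDER = "webform@example.org"     # placeholder
SITE_RECIPIENT = "owner@example.org"    # placeholder
ADDRESS_RE = re.compile(
    r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,190}\.[A-Za-z]{2,24}")


def clean_header(label, value):
    """Reject header text that is too long or carries control characters."""
    if len(value) > MAX_HEADER_LEN:
        raise ValueError(f"{label} too long")
    # Cc covers CR, LF and NUL; Zl/Zp are the Unicode line/paragraph breaks.
    if any(unicodedata.category(ch) in ("Cc", "Zl", "Zp") for ch in value):
        raise ValueError(f"{label} contains control characters")
    return value.strip()


def clean_body(text):
    """Cap the size and drop control characters other than newline and tab."""
    if len(text) > MAX_BODY_LEN:
        raise ValueError("body too long")
    text = text.replace("\r\n", "\n").replace("\r", "\n")
    return "".join(ch for ch in text
                   if ch in "\n\t" or unicodedata.category(ch) != "Cc")


def build_contact_message(name, reply_to, subject, body):
    """Build the message handed to the mail software from form fields."""
    name = clean_header("name", name)
    subject = clean_header("subject", subject)
    reply_to = clean_header("reply address", reply_to)
    if not ADDRESS_RE.fullmatch(reply_to):
        raise ValueError("reply address is not a single plain address")
    msg = EmailMessage()
    # Sender and recipient are fixed by the site, never taken from the form.
    msg["From"] = SITE_SENDER
    msg["To"] = SITE_RECIPIENT
    msg["Reply-To"] = reply_to
    msg["Subject"] = f"[contact form] {subject}"
    msg.set_content(f"From: {name}\n\n{clean_body(body)}")
    return msg
```

Visitor text only ever lands in the subject, the reply address and the body, so the mail software receives a well-formed message with fixed routing headers whatever was typed into the form.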