
Thread: Review Stage

  1. #1
    Join Date
    Jul 2006

    Review Stage


    I am close to launching a website that I have been working on for some time now, and I plan on carrying out a significant review of security.

    I understand that one of the biggest areas of concern from a security point of view is how you handle user input (fields / forms etc.).

    I don't expect anyone to reply with tons of information on each, as the internet is full of help and advice, BUT the one downside of the internet is how up to date the information is (I don't want to use / implement outdated practices) or the integrity of the advice, especially in relation to this subject.

    So what are your key best practices for each of the following:

    1 - Validating Input

    2 - Sanitizing Input

    Thanks in advance for your help...

  2. #2
    Join Date
    Jul 2012
    This is much more of a pain in the ass since you are using PHP; Perl is so much easier to filter injections in. If you want to truly sanitize your inputs, you need a separate PHP file that will handle different data types and output them wherever they are supposed to go. Validating input is more to keep people from making a mistake by accident, as you still need to "validate" in your filter after submission. Use JavaScript to help the user know if he entered something wrong, and if you want you could have a basic layer of filtering in the user's browser to keep newbs at bay, but be sure to check that same stuff on your server before doing anything with it! And good luck doing it with PHP.

  3. #3
    Join Date
    Feb 2013
    I'll add my .05 cents (it should be .02 cents... but inflation).

    I say if you can try to keep everything on your website modularized as much as possible, it would add to your security a lot. If you can keep all your HTML on one page, by that I mean your headers and footers (HTML) [they can be separate files], and then you can have content in modules (you can even keep these files in a separate folder), it would keep you organized and offer up better security. Keep your sensitive data (login requirements, database information, etc.) in a separate file (as already mentioned) in a different folder; that way you can even further protect it by giving that folder a unique name (don't use names that people use for tutorials, for why would you want to aid the script kiddies?) and you could even further protect it with a .htaccess file in the future if you so desired. I write special functions that sanitize my user input and I use this motto, "When in doubt, sanitize it!".

    And lastly, as someone has told me, if you truly, truly want it secure, use Hypertext Transfer Protocol Secure (HTTPS); however, even that can be insecure - but you have to cut the cord sometime.
    Last edited by Strider64; 05-04-2013 at 02:17 PM.
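As an added illustration of the two items asked about in #1 (validating, then sanitizing) and the server-side re-check that #2 insists on, here is a small PHP form handler. It is example code written for this thread, not code posted by any of the participants. It assumes hypothetical form fields (username, age, email, comment), a constructed sample array standing in for `$_POST`, and an in-memory SQLite database via PDO (so the `pdo_sqlite` extension must be present). The design point it shows is that validation happens once, on the server, against an allow-list, and that "sanitizing" is really output encoding chosen per destination: `htmlspecialchars` for the HTML page and a prepared statement for the database, applied at the point of use rather than by stripping characters at input time.

```php
<?php
// Added example for this thread (not the poster's code).
// Validate form input server-side, then encode for each output context.
declare(strict_types=1);

/**
 * Validate raw form input against allow-list rules.
 * Returns ['ok' => bool, 'values' => array, 'errors' => array].
 * Field names are hypothetical; nothing is trusted from the browser.
 */
function validateInput(array $raw): array
{
    $errors = [];
    $values = [];

    // username: 3-20 characters, letters/digits/underscore only (allow-list).
    $username = $raw['username'] ?? '';
    if (!is_string($username) || !preg_match('/^[A-Za-z0-9_]{3,20}$/', $username)) {
        $errors['username'] = 'must be 3-20 letters, digits or underscores';
    } else {
        $values['username'] = $username;
    }

    // age: whole number in a sensible range; filter_var returns false otherwise.
    $age = filter_var($raw['age'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 13, 'max_range' => 120]]);
    if ($age === false) {
        $errors['age'] = 'must be a whole number between 13 and 120';
    } else {
        $values['age'] = $age;
    }

    // email: syntactic check only; deliverability is a separate concern.
    $email = filter_var($raw['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        $errors['email'] = 'not a valid e-mail address';
    } else {
        $values['email'] = $email;
    }

    // comment: free text. Enforce encoding and length, but do NOT strip
    // characters here; encoding is done at output time per context.
    $comment = $raw['comment'] ?? '';
    if (!is_string($comment) || !mb_check_encoding($comment, 'UTF-8')
        || mb_strlen($comment, 'UTF-8') > 1000) {
        $errors['comment'] = 'must be valid UTF-8 and at most 1000 characters';
    } else {
        $values['comment'] = $comment;
    }

    return ['ok' => $errors === [], 'values' => $values, 'errors' => $errors];
}

/** Encode a value for the HTML body/attribute context. */
function forHtml(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

/** Store validated values with a prepared statement (no string concatenation). */
function storeComment(PDO $db, array $v): void
{
    $stmt = $db->prepare(
        'INSERT INTO comments (username, age, email, body) VALUES (:u, :a, :e, :b)'
    );
    $stmt->execute([
        ':u' => $v['username'],
        ':a' => $v['age'],
        ':e' => $v['email'],
        ':b' => $v['comment'],
    ]);
}

// Constructed sample input standing in for $_POST (not real user data).
$sample = [
    'username' => 'strider_64',
    'age'      => '42',
    'email'    => 'user@example.com',
    'comment'  => 'Nice site! <b>bold</b> & "quotes"',
];

$result = validateInput($sample);
if ($result['ok']) {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, username TEXT, age INTEGER, email TEXT, body TEXT)');
    storeComment($db, $result['values']);
    // Encode for HTML only when rendering; the stored text stays as submitted.
    echo '<p>' . forHtml($result['values']['comment']) . "</p>\n";
} else {
    foreach ($result['errors'] as $field => $msg) {
        echo forHtml($field) . ': ' . forHtml($msg) . "\n";
    }
}
```

Run it from the command line with `php handler.php`; the sample comment renders as `<p>Nice site! &lt;b&gt;bold&lt;/b&gt; &amp; &quot;quotes&quot;</p>`, while the database row keeps the original text because the prepared statement, not character stripping, is what protects the SQL context. Any client-side JavaScript checks you add for usability should mirror these rules, but the server-side `validateInput` is the one that counts.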
