What are they, and how can I avoid or counter those things? Can you give this newbie some tips on how to make sure that my site is safe? For example, how can I protect my MySQL database?
The first thing that comes to my mind is SQL injection attacks.
These can allow hackers to execute arbitrary SQL commands on your database through your Web site.
To avoid this type of attack, every piece of data supplied by a user on a Web form (like, in your case, chat boxes) must be sanitized/validated so that it does not contain information that is not expected.
You can use PHP scripts to sanitize, so that the data that gets into the database is free from attacking statements.
That will be number 1. Based on what you've said, methinks that I need to learn how they do that for me to produce the security that I need if I'm starting from scratch.
A firm grip on the concepts of PHP and MySQL!
Remove characters like " = etc. Google that.
#2 Restrict access to administrative folders.
Got it. I'll focus on that first. I'm going to wait for additional information others can provide. And I'll Google for more information about my topic. :D
Last edited by misson; 01-30-2011 at 08:37 PM.
Be sure to read all pages linked in this post; they have further information that should prove useful. When asking for help, make sure you follow Eric Raymond's and Jon Skeet's guidelines for prompt, accurate responses. Please answer any questions I ask; they're not rhetorical (probably). Any posted code is intended as illustrative example, rather than a solution to your problem to be copied without alteration. Study it to learn how to write your own solution. Misson, not Mission.
Forgetting to disable directory browsing is a real classic; it's amazing sometimes what people leave in plain text files.
SQL injection is still rife, largely because every PHP tutorial you see about passing data just uses the bare-bones basic script with no mention of validation using stripslashes or, better still, preg_replace. So newbies get into bad coding habits from the beginning.
The code must flow.
Project 157: Latest UK Jobs direct to your mobile phone
New Domain under construction: Lovelogic.net
home for some new projects that we can't keep here ;)
Did you mean to include addslashes?
Rolling your own sanitization function is bad practice, as you can easily forget an edge case or simply not be aware of a vulnerability. Even with DB provided quoting functions, SQL injection can still be a problem (look up "truncation attacks" and "multibyte vulnerabilities"). These days, everyone should be using prepared statements.
Last edited by misson; 01-31-2011 at 02:24 PM.
If you use a CMS, do not use 'admin' for the admin account and use a good password (at least 2 each of upper, lower, digit, punctuation).
Do not use hacked authoring/FTP tools. Some of those add stuff to your code.
Don't let your little brother near your computer.
Don't trust anything a user inputs. Sanitize anything going into a database and sanitize html entities that you might display on your site.
Use some sort of captcha to prevent spambots.
Nothing is always absolutely so.
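As an added example that is not code posted in this thread: misson's point about using prepared statements, together with the advice above to sanitize what goes into the database and escape HTML entities on display, shown in PHP with PDO. It assumes an in-memory SQLite database so it runs offline (swap the DSN for your MySQL connection); the messages table and the sample message are constructed for the demo.

```php
<?php
// Added example (not from the thread): storing and displaying a chat message
// with a PDO prepared statement and output escaping. Uses an in-memory SQLite
// database so it runs offline; swap the DSN for your MySQL connection.
declare(strict_types=1);

function connect(): PDO
{
    $pdo = new PDO('sqlite::memory:');   // e.g. 'mysql:host=localhost;dbname=chat' for MySQL
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');
    return $pdo;
}

// Vulnerable pattern the thread warns about: user text spliced into the SQL string.
function saveMessageUnsafe(PDO $pdo, string $author, string $body): void
{
    $pdo->exec("INSERT INTO messages (author, body) VALUES ('$author', '$body')");
}

// Hardened version: placeholders keep data and SQL separate, so there is no escaping to forget.
function saveMessage(PDO $pdo, string $author, string $body): void
{
    $stmt = $pdo->prepare('INSERT INTO messages (author, body) VALUES (:author, :body)');
    $stmt->execute([':author' => $author, ':body' => $body]);
}

// Escape on the way out so stored text cannot become markup in the page.
function renderMessage(string $author, string $body): string
{
    return '<b>' . htmlspecialchars($author, ENT_QUOTES, 'UTF-8') . '</b>: '
        . htmlspecialchars($body, ENT_QUOTES, 'UTF-8');
}

$pdo = connect();
// Constructed sample input: a quote that breaks string splicing, and a script tag.
$author = "O'Brien";
$body   = "<script>alert('hi')</script>";

try {
    saveMessageUnsafe($pdo, $author, $body);   // the stray quote makes the SQL invalid
} catch (PDOException $e) {
    echo "unsafe insert failed: " . $e->getMessage() . PHP_EOL;
}

saveMessage($pdo, $author, $body);             // stored exactly as typed
foreach ($pdo->query('SELECT author, body FROM messages') as $row) {
    echo renderMessage($row['author'], $row['body']) . PHP_EOL;
}
```

The unsafe insert fails on the apostrophe (the same break an attacker exploits), while the prepared statement stores the text unchanged and htmlspecialchars turns the script tag into harmless text when displayed.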
> If you use a CMS, do not use 'admin' for the admin account and use a good password (at least 2 each of upper, lower, digit, punctuation).

I would add "change your password frequently" to that very good advice.
Last edited by carl6969; 01-31-2011 at 03:05 PM. Reason: Caffeine Deprivation