How to protect PHP website in 3 steps
If you are a website programmer or developer, never trust the website viewer. Instead, think of the viewer as an enemy who must be fed the best food but never allowed to enter the castle.
Not all readers are trustworthy: usually fewer than 0.01% of your readers are hackers, but they can harm your website if you trust them. Here we provide just 3 steps to safeguard a PHP website.
"The most important security hole is safe_mode(). Never ever disable this in the PHP settings."
1) Storing data in database
If you want to store data from users in a database, always run the addslashes() function on every input. Users may submit JavaScript or iframe code into the database, so use the strip_tags() function as well.
2) Printing Data
Whenever you show data to a user or output information, always use the strip_tags() function and allow only div, p, br, strong, or font tags. Strip all other tags; otherwise a user will insert malicious code into the database and may embed an iframe or output JavaScript.
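The two steps above, as an added example that is not code from the original post. It stores a comment and renders it back, with every input constructed inline and an in-memory SQLite database so it runs offline. Two things are assumptions of this example rather than the post's method: in place of addslashes() it binds values with PDO prepared statements, which the PHP manual recommends over addslashes(), and for output it escapes everything with htmlspecialchars() first and then re-enables only the bare forms of the allowed tags, because strip_tags() alone keeps attributes such as onclick on an allowed tag.

```php
<?php
// Added example, not code from the original post. Covers step 1 (storing) and
// step 2 (printing). The database, table and inputs are constructed here so it
// runs offline with an in-memory SQLite database (php -f this_file.php).
declare(strict_types=1);

// --- Step 1: storing data -------------------------------------------------
// The tags the post allows; strip_tags() removes every other tag, including
// <script> and <iframe>, but keeps the text between them.
const ALLOWED_TAGS = '<div><p><br><strong><font>';

function sanitizeForStorage(string $input): string
{
    return strip_tags($input, ALLOWED_TAGS);
}

// In place of addslashes(), the value is bound to a prepared statement: the
// database receives it as data and never parses it as SQL, so quotes in the
// input cannot change the query.
function storeComment(PDO $db, string $author, string $body): int
{
    $stmt = $db->prepare('INSERT INTO comments (author, body) VALUES (:author, :body)');
    $stmt->execute([
        ':author' => sanitizeForStorage($author),
        ':body'   => sanitizeForStorage($body),
    ]);
    return (int) $db->lastInsertId();
}

// --- Step 2: printing data ------------------------------------------------
// Filtering on the way in is not enough on the way out: rows may have been
// written by other code, and strip_tags() keeps attributes on allowed tags,
// so <p onclick="..."> survives it. Here everything is escaped first and only
// the bare, attribute-less forms of the allowed tags are switched back on.
const ALLOWED_OUTPUT_TAGS = ['div', 'p', 'br', 'strong', 'font'];

function renderForOutput(string $stored): string
{
    $escaped = htmlspecialchars($stored, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    foreach (ALLOWED_OUTPUT_TAGS as $tag) {
        $escaped = str_replace(
            ["&lt;$tag&gt;", "&lt;/$tag&gt;", "&lt;$tag /&gt;", "&lt;$tag/&gt;"],
            ["<$tag>",       "</$tag>",       "<$tag />",       "<$tag/>"],
            $escaped
        );
    }
    return $escaped;
}

// --- Constructed demo -----------------------------------------------------
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id INTEGER PRIMARY KEY, author TEXT, body TEXT)');

// Constructed hostile input: a quote that would break a naive query, a script
// and an iframe, and an event attribute on an allowed tag.
$id = storeComment(
    $db,
    "O'Brien",
    '<p onclick="steal()">Hi <strong>there</strong></p><script>alert(1)</script><iframe src="x"></iframe>'
);

$stmt = $db->prepare('SELECT author, body FROM comments WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

echo 'Stored body:     ', $row['body'], "\n";
echo 'Rendered body:   ', renderForOutput($row['body']), "\n";
echo 'Rendered author: ', renderForOutput($row['author']), "\n";
```

Running it shows the script and iframe tags gone from the stored body, the `<strong>` tag live in the rendered output, and the `<p onclick="steal()">` opening tag printed as escaped text rather than as markup, because it does not match the bare `<p>` form that is re-enabled.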
3) Session handling
Session hijacking is a complex topic, and you must worry about it if you have really serious website content or user information. Otherwise, it's not a big deal. But whenever you let users change their password, email, or other information, ask them to re-enter their old password. That stops the session-hijacking problem.
Don’t store sensitive information in cookies.
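The session rules above, as an added example that is not code from the original post. The user store is a constructed in-memory array standing in for a users table, and the session is PHP's own $_SESSION, so it runs from the command line. It implements the post's two points (re-enter the old password before a change; keep sensitive data out of cookies, so the cookie carries only the session id) and adds two related settings that are this example's choice, not the post's: cookie flags via session_set_cookie_params() and a fresh session id via session_regenerate_id() on login.

```php
<?php
// Added example, not code from the original post, for step 3. The user store is
// a constructed in-memory array standing in for a users table; the session is
// PHP's own $_SESSION. Runs from the command line (php -f this_file.php).
declare(strict_types=1);

// The cookie carries only the opaque session id, never user data. HttpOnly
// keeps scripts from reading it, Secure restricts it to HTTPS, SameSite=Strict
// stops other sites from sending it, and strict mode rejects ids the server
// never issued.
function startSecureSession(): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    ini_set('session.use_strict_mode', '1');
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Constructed user store: hashes come from password_hash(), never plain text.
function constructedUsers(): array
{
    return [
        'alice' => ['password_hash' => password_hash('correct horse battery staple', PASSWORD_DEFAULT)],
    ];
}

function login(array $users, string $username, string $password): bool
{
    if (!isset($users[$username]) || !password_verify($password, $users[$username]['password_hash'])) {
        return false;
    }
    // New session id on login: an id the browser held before authenticating
    // (session fixation) is not promoted to a logged-in session.
    session_regenerate_id(true);
    $_SESSION['user'] = $username;
    return true;
}

// The post's rule: a logged-in session alone does not authorize a password or
// email change; the current password must be presented again. Someone holding
// only a stolen session id cannot pass this check.
function changePassword(array &$users, string $oldPassword, string $newPassword): bool
{
    if (empty($_SESSION['user'])) {
        return false; // not logged in
    }
    $username = $_SESSION['user'];
    if (!password_verify($oldPassword, $users[$username]['password_hash'])) {
        return false; // session is valid, but the re-entered password is not
    }
    $users[$username]['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
    session_regenerate_id(true); // rotate the id again after a sensitive change
    return true;
}

// --- Constructed demo -----------------------------------------------------
startSecureSession();
$users = constructedUsers();

var_dump(login($users, 'alice', 'wrong password'));
var_dump(login($users, 'alice', 'correct horse battery staple'));
var_dump(changePassword($users, 'wrong password', 'new-secret'));
var_dump(changePassword($users, 'correct horse battery staple', 'new-secret'));
var_dump(password_verify('new-secret', $users['alice']['password_hash']));
```

The first and third calls return false (wrong password; valid session but wrong re-entered password), the other three return true: the change only succeeds once the current password is presented alongside the session, and the new hash verifies afterwards.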
Well, just these 3 steps will keep your website out of harm's way. Oh, I forgot: if you have an admin section, password-protect the admin directory. You can do it in cPanel or whatever control panel your hosting company provides, because you never tell anyone the location of the safe in which your money rests!