Re: PS Re: GUI designer in html [message #182439 is a reply to message #182437] |
Sun, 04 August 2013 17:09 |
J.O. Aho
Messages: 194 Registered: September 2010
Karma:
|
Senior Member |
|
|
On 04/08/13 18:47, Twayne wrote:
> On 2013-08-04 2:32 AM, Lightee wrote:
>
> I feel it's necessary to let you know that HTML forms are notoriously
> famous for being hacked, cracked and used by miscreants for spamming
> using your forms.
It's not the HTML forms, but the scripts which are to handle the input
which do not validate the content properly, no HTML WYSIWYG will make
the script to validate better, no matter how pretty the form looks like.
> The best way to alleviate those exposures is to learn PHP coding, IMO.
> You may write your first page in HTML, and then use a second PHP page to
> do all the testing of input data on the server-side where no one can see
> it working nor can they easily get past a rotund random code and
> sanitization and validation codes.
Rule one, always validate user input, no matter if it's always your
mother who does the input, one day she may just try to see what happens
if she enters "'; drop database youdatabase; #" as input and as you
never have a backup of the database, you lost everything.
> Also IMO, avoid Captcha code at all costs! Duplicate it yourself, or
> parts of it, like the protection, but don't use their idiotic, hard to
> read code images; they keep out as many people as they do robots.
> Captcha code however is a pretty decent learning code; just don't use
> it<GRIN>.
I would advice to never write your own captcha or copy those average
Aarav (kind of Indian Joe), as they usually do include a lot of issues
with security and validation, if using captcha use something like
reCaptcha from Google.
--
//Aho
|
|
|