comp.lang.php » Secure website
Re: Secure website [message #183544 is a reply to message #183542] Wed, 30 October 2013 17:03
J.O. Aho
On 30/10/13 15:47, Graham Hobbs wrote:


> Thanks for that info. It seems I need to learn the concepts behind
> post/get/database etc .. is this how one codes for a dialogue with my
> site? Besides the PHP manual, might there be such things as 'template'
> examples?

The examples at php.net are just basic ones to show how the function
works. I suggest you read comments and look for those who talk about
security and injection prevention and avoid examples made by Indian
developers, those generally are prone to header/sql injections and have
poor security awareness.

Remember to always check user generated data (say name, email and other
things they might enter in a form, or that is used in a URL), have white
lists which contain which type of data you allow, for example you may
only allow names written with Latin characters, then use a regexp so it only
contains Latin characters and if there is something else, just throw
out an "invalid data" error or ask the user to enter proper data and do
not process anything further until you have OK data.

--

//Aho
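
The allow-list check described in the post above, as an added example that is not part of the original message: every expected form field has a pattern, anything that fails is answered with "invalid data", and nothing is processed until the error list is empty. The field names, the length limit and the exact patterns are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Allow list: one pattern per expected field. Anything not listed is rejected.
// Field names, patterns and the length limit are assumptions for this example.
const FIELD_RULES = [
    // Latin letters, optionally separated by a single space, apostrophe or hyphen.
    'name'  => '/\A\p{Latin}+(?:[ \'-]\p{Latin}+)*\z/u',
    // Coarse shape check only; filter_var() below does the real e-mail validation.
    'email' => '/\A[^\s@]+@[^\s@]+\z/',
];
const MAX_LENGTH = 100;

// Returns [clean, errors]. Process the request only when errors is empty.
function validate_form(array $input): array
{
    $clean = [];
    $errors = [];
    // Unexpected fields are an error, not something to ignore silently.
    foreach (array_diff(array_keys($input), array_keys(FIELD_RULES)) as $extra) {
        $errors[(string) $extra] = 'invalid data';
    }
    foreach (FIELD_RULES as $field => $pattern) {
        $value = $input[$field] ?? null;
        // Arrays (name[]=x), missing values and bad UTF-8 all fail here.
        if (!is_string($value) || $value === '' || strlen($value) > MAX_LENGTH
            || preg_match($pattern, $value) !== 1) {
            $errors[$field] = 'invalid data';
            continue;
        }
        if ($field === 'email' && filter_var($value, FILTER_VALIDATE_EMAIL) === false) {
            $errors[$field] = 'invalid data';
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Constructed sample submissions: one valid, one with CR/LF, one with quotes.
$samples = [
    ['name' => 'Graham Hobbs', 'email' => 'graham@example.com'],
    ['name' => "Bob\r\nBcc: x@example.com", 'email' => 'bob@example.com'],
    ['name' => "x' OR '1'='1", 'email' => 'not-an-email'],
];
foreach ($samples as $sample) {
    [$clean, $errors] = validate_form($sample);
    echo $errors ? 'rejected: ' . implode(', ', array_keys($errors)) : 'accepted', "\n";
}
```

The patterns are anchored with `\A` and `\z` rather than `^` and `$`, so a trailing newline cannot slip past the match. Validation of this kind complements, and does not replace, parameterized queries when the accepted values reach a database.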