RE: [PHP] Site Security
From: Dan Joseph (djoseph_at_duhq.us)
Date: 11/05/03
- Next message: Chris Shiflett: "Re: [PHP] Site Security"
- Previous message: Shaun: "Site Security"
- In reply to: Shaun: "Site Security"
- Next in thread: Shaun: "Re: [PHP] Site Security"
- Reply: Shaun: "Re: [PHP] Site Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
To: <php-general@lists.php.net> Date: Wed, 5 Nov 2003 14:09:10 -0500
Hi,
> I have created a site that allows users to schedule staff, make
> appointments
> etc. Users must log in to use the site and the users data is held in the
> Users table of the MySQL database. However, due to the nature of
> the site I
> need to make sure it is 110% secure against hacks etc. Now I know
> this isn't
> actually possible but I would appreciate any advice on how I can get it as
> secure as possible, I have no experience on this aspect of web
> development.
Turn off register globals. Validate all form posts for bogus data. Check
that the cookie hasn't been changed with bad characters malliciously.
Things like that. Try and break into the site w/o logging in. We paid for
a security audit from a company called @stake (www.atstake.com). If you can
afford it, I'd contract someone to audit you.
-Dan Joseph
- Next message: Chris Shiflett: "Re: [PHP] Site Security"
- Previous message: Shaun: "Site Security"
- In reply to: Shaun: "Site Security"
- Next in thread: Shaun: "Re: [PHP] Site Security"
- Reply: Shaun: "Re: [PHP] Site Security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
