old guy, Posted February 14, 2015

Hi, I'm new to writing code & looking to write a couple of secure web pages. One where you can log in & out securely using a password. Then a second where you can upload & download some files or folders. Any help on where to start, what code (asp/etc) & what best method(s) of encryption I should use? Thanks for any help or advice. Old Guy.
davej, Posted February 14, 2015

The choice of server-side language isn't too relevant but there are a vast number of design considerations. You can find guidelines listed on pages such as OWASP. The complexity of the problem is such that it is really outside the realm of the beginner (to do it all correctly). To get a taste of this you might look at the short OWASP YouTube series which is an overview... https://www.youtube.com/watch?v=CDbWvEwBBxo
justsomeguy, Posted February 16, 2015

If you go with PHP, this is a good way to store passwords in the database: http://jeremykendall.net/2014/01/04/php-password-hashing-a-dead-simple-implementation/
old guy, Posted February 25, 2015

Thanks Guys, Great info resources. I understand that security is a very complex issue, as possible attacks can come in many forms. But I need to start to learn some basics somewhere, so will give it a go. The OWASP site is full of great info & the clips very helpful too. Thanks, I'm sure I will be asking for some more specific coding help in the near future.
davej, Posted February 25, 2015

Yes, I didn't intend to make it sound impossible, but I wanted you to see the enormity of the real problem. For educational purposes you could start experimenting with:

1. The need to sanitize and validate all external data.
2. The use of parameterized database queries.
3. The hashing and salting of passwords before they are stored in a database.
4. The methods that avoid the e-mailing of lost passwords.
5. The use of "least privilege" to minimize user threats.
6. The avoidance of known security holes.
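The following is an added example, not code from any poster in this thread or from the linked article. It ties together justsomeguy's PHP password-storage advice with the first three items in davej's list: whitelist validation of external input, a parameterized (prepared) query via PDO, and password_hash()/password_verify(), which salts and hashes for you. It uses an in-memory SQLite database so it runs offline; the table layout, function names and the sample usernames and passwords are all constructed for the demonstration.

```php
<?php
// Added example (not from the thread): registration and login against an
// in-memory SQLite database, showing input validation, a parameterized
// query, and PHP's built-in password hashing.
declare(strict_types=1);

function openDb(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed schema for the example.
    $db->exec('CREATE TABLE users (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        username TEXT NOT NULL UNIQUE,
        password_hash TEXT NOT NULL
    )');
    return $db;
}

// 1. Validate external data: a username is accepted only if it matches a
//    strict whitelist; nothing taken from the request is trusted as-is.
function validUsername(string $u): bool {
    return (bool) preg_match('/^[A-Za-z0-9_]{3,32}$/', $u);
}

// 3. Hash before storing. password_hash() generates a random salt itself and
//    embeds it in the returned string, so no separate salt column is needed.
function registerUser(PDO $db, string $username, string $password): bool {
    if (!validUsername($username) || strlen($password) < 12) {
        return false;
    }
    $hash = password_hash($password, PASSWORD_DEFAULT);
    // 2. Parameterized query: user input is bound as data, never spliced
    //    into the SQL text.
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
    return true;
}

function loginUser(PDO $db, string $username, string $password): bool {
    // A hash of a throwaway password, verified when the user does not exist,
    // so an unknown username takes about as long as a wrong password.
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy-password-for-timing', PASSWORD_DEFAULT);
    }
    if (!validUsername($username)) {
        return false;
    }
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        password_verify($password, $dummyHash);
        return false;
    }
    if (!password_verify($password, $row['password_hash'])) {
        return false;
    }
    // If PHP's default algorithm or cost has changed since the hash was
    // stored, re-hash now while the plaintext is available.
    if (password_needs_rehash($row['password_hash'], PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = :h WHERE id = :id');
        $upd->execute([':h' => password_hash($password, PASSWORD_DEFAULT), ':id' => $row['id']]);
    }
    return true;
}

// Constructed sample run.
$db = openDb();
var_dump(registerUser($db, 'alice', 'correct horse battery'));   // true
var_dump(registerUser($db, "bob' OR 1=1 --", 'x'));               // false: rejected by validation
var_dump(loginUser($db, 'alice', 'correct horse battery'));      // true
var_dump(loginUser($db, 'alice', 'wrong password'));              // false
var_dump(loginUser($db, 'nobody', 'anything'));                   // false, same cost as a bad password
```

Note that the prepared statement alone already prevents the quoted username from altering the query; the whitelist check is an extra, independent layer, which is the point of item 1 in the list above. The stored string from password_hash() is the only thing the table needs to hold for a password, and the same password_verify() call keeps working if the default algorithm changes in a later PHP release.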