Norman (posted February 19, 2007):
If I'm developing a web site, which type of precautions should I use to have a secure site?
Anders Moen (posted February 19, 2007):
If you use, for example, inputs so people can add things that'll go into a database, you should use something like mysql_real_escape_string (read more)
aspnetguy (posted February 19, 2007):
That depends on what the website will do. Will you have users logging in? Will you be dealing with personal/sensitive information? You may want to have SSL.
Norman (Author, posted February 19, 2007):
Do you know Gaia Online (www.gaiaonline.com)? Something like that, for Italian people, and without all those features!
justsomeguy (posted February 19, 2007):
If you're going to develop a major site, you have to worry about people hacking into the database or gaining access to other people's accounts. Read up on SQL injection attacks and how to guard against them:
http://en.wikipedia.org/wiki/SQL_injection
And put some thought into if you even want to use cookies, and if so, what information you want to store in them. You won't want to create cookies that can be copied to another computer and used to log in to the site.
If you're doing any payment processing you will definitely want to use SSL.
Norman (Author, posted February 20, 2007):
Thanks for the link and advice. However, I think I won't provide payment processing. But let me know one thing. If I follow all this information while developing my site, will I then be 100% secure? I think not... right?
Jonas (posted February 20, 2007):
There's no such thing as 100% secure. You can possibly, but not probably, be 100% prepared though, meaning you have taken all the precautions you can, both securing the server and the pages themselves against attacks.
Norman (Author, posted February 20, 2007):
For securing my server, what could I do? I'm hosted by an Italian provider.
aspnetguy (posted February 20, 2007):
If you are using a hosting provider then they should have taken care of securing their server before selling you space.
Norman (Author, posted February 20, 2007):
How can I verify this, if possible?
aspnetguy (posted February 20, 2007):
Not really, your host won't tell you even if they have some security holes. There are no legal ways, that I know of, to test this.
Norman (Author, posted February 20, 2007):
Oh, ok. So we can only hope! :)
Ah, another question. Which 'languages' do I need to know to keep my site secure? Excluding the ones I use for pages.
justsomeguy (posted February 20, 2007):
There are no "security languages". Your site is only as secure as you make it. If you use good PHP practices and understand the language, then your site will be more difficult to compromise than a site that has sloppier code in it.
Norman (Author, posted February 20, 2007):
Yes, but, for example, I will absolutely need to know MySQL (if I will do interactive sites), right?
aspnetguy (posted February 20, 2007):
Yes, you will need to know SQL if you want to interact with databases, but again, how you write the code determines how secure it is.
Norman (Author, posted March 5, 2007):
Ok, I've another question. If I get hacked, where can I see where the bug is, later?
Xenon Design (posted March 5, 2007):
Well, to know your weakness you have to know how they attacked you and possibly where (what page). From there you'll have to read the code and find the weakness.
It's usually a SQL that takes an input like get, post or a cookie and is not checked by an 'anti hack' script/function.
smiles (posted March 5, 2007):
> Ok, I've another question. If I will be hacked, from where I can see where is the bug, later?
Mostly, they will change your index page or worse, they will delete all your files and database.
Norman (Author, posted March 5, 2007):
> Well to know your weakness you have to know how they attacked you and possibly where (what page)
And how can I get to know this?
> Its usally a SQL that takes an input like get, post or a cookie and not checked by a 'anti hack' script/function.
I haven't understood, sorry..
> Mostly, they will change your index page or worse, they will delete all your file and database.
And, for example, could a hacker use my code that isn't correctly closed (for example)? An <if> that does not have its closing tag... this type of thing.
Xenon Design (posted March 5, 2007):
They will mainly only attack databases and if they can access the pages they will edit them.
The way they can delete your database is by exploiting weaknesses in your SQL syntax. Here's a common mistake:
```php
// Request values are concatenated straight into the SQL string
$sql = "SELECT * FROM users WHERE username ='".$_POST['username']."' AND password = '".$_POST['password']."'";
$query = mysql_query($sql);
```
That can be exploited by any SQL Hacker novice. So that's an example of a BAD system. Here's a good one:
```php
// Remove every character that is not a letter, digit, hyphen or underscore
$user = ereg_replace("[^A-Za-z0-9_-]", "", $_POST['username']);
// Compare against the MD5 hash of the submitted password
$pass = md5($_POST['password']);
$sql = "SELECT * FROM users WHERE username ='".$user."' AND password = '".$pass."'";
$query = mysql_query($sql);
```
So the key here is making sure that user-submitted data from forms (input boxes etc.) is not a hack.
There are more advanced ways to secure stuff but basically the main thing you have to look out for if you have a database is the user-submitted data.
You won't be hacked by a faulty script, just an error message :)
I hope you understand that.
BTW I'm using PHP as the examples. ASP and others will be different.
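An added example, not part of any post in this thread: the login check from the post above written with PDO prepared statements and password_hash(), since the mysql_* and ereg_* functions were removed in PHP 7. The users table, account names and passwords are constructed sample data, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
// Added example; schema, accounts and passwords are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');

// Store a salted, deliberately slow hash rather than a bare MD5 digest.
function register(PDO $db, string $username, string $password): void {
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$username, password_hash($password, PASSWORD_DEFAULT)]);
}

// Concatenated lookup, same pattern as the thread's first snippet:
// the value becomes part of the SQL text, so a quote in it changes the statement.
function lookup_concatenated(PDO $db, string $username): string {
    $sql = "SELECT username FROM users WHERE username = '" . $username . "'";
    try {
        $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
        return $row ? 'found' : 'not found';
    } catch (PDOException $e) {
        return 'statement altered by input: ' . $e->getMessage();
    }
}

// Parameterised login: the statement is fixed and the value is bound as data,
// so no character filtering of the username is needed.
function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();
    return $hash !== false && password_verify($password, $hash);
}

register($db, 'norman', 'battery staple');
register($db, "o'brien", 'correct horse');

// An ordinary name with an apostrophe is enough to break the concatenated query.
var_dump(lookup_concatenated($db, 'norman'));
var_dump(lookup_concatenated($db, "o'brien"));

// The bound version treats the same name as plain data.
var_dump(login($db, "o'brien", 'correct horse'));
var_dump(login($db, "o'brien", 'wrong password'));
```

Against MySQL only the PDO connection string changes; the prepared statements and the password_hash()/password_verify() calls stay the same.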
Norman (Author, posted March 5, 2007):
> I hope you understand that
Really thanks!
> BTW Im using PHP as the examples. ASP and others will be different.
*I'm a noob with SQL, I need to study it*: So, is there a different syntax per language, using SQL?
Xenon Design (posted March 5, 2007):
SQL is standard over all languages, it's just how I wrote the code around it.
Jump on to the W3S website and go learn SQL. It's DEAD simple and should only take 1 hr tops to learn.
Norman (Author, posted March 5, 2007):
What do you mean by "DEAD"? However, first I need to learn PHP (and maybe XML), for my vBulletin!