himynameismark Posted August 19, 2011 Share Posted August 19, 2011 I am working on coding a blog by hand for a friend (partially because she doesn't like Wordpress, partially because I want to know that I am capable of hand coding an easily-customizable blog). I just finished her login page yesterday, importing her username and password directly into a database using phpMyAdmin. What should I do for security precautions to protect the database from being hacked? I have been trying to find tutorials on MySQL and PHP security, but I'm having trouble finding one that fits my needs as I have never worked with a database on a live website before.Thanks in advanceMark Link to comment Share on other sites More sharing options...
justsomeguy Posted August 19, 2011 Share Posted August 19, 2011 You need to avoid SQL injection attacks, and make sure that you authenticate a logged-in user for any sensitive work. There's a lot of information online about preventing SQL injection attacks with PHP. Link to comment Share on other sites More sharing options...
Synook Posted August 24, 2011 Share Posted August 24, 2011 Also, you should probably store a hash of the password in the database instead of the password itself, so if it does get compromised the attacker will not immediately have a useable password. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.