Aug 10th, 2008

How to find out a website is secure?

Hello all,
I am all set to launch a website on which i have been working from months but now am afraid how safe it might be once it gets attention of hackers . As most of the code in website is in PHP,html,mysql i am posting this in this forum so that i can get suggestions from you all. Websites that are developed by Big companies might undergo testing from various testing tools , tests from hired ethical hackers ,etc, before getting launched where as what about websites that cant afford all those expensive methods. I understand that without undergoing all those procedures no website could be hacker safe but any suggestions about measures to be taken before launching a website would be appreciated.
Thank you all in advance.
Last edited by Kavitha Butchi; Aug 10th, 2008 at 12:14 pm.
-- Kavitha Butchi
Aug 10th, 2008

Re: How to find out a website is secure?

Ask yourself:
  1. Did you do everything to prevent SQL injection?
  2. Do you use id values as identificators, did you secure option for array exploit?
  3. Are you using RSS feeds, are they secure?
  4. Hosting: who is responsible for website security? You or your web hosting company? Are the folder permissions set correctly?
That is just a few things you should look into...
-- peter_budo (Moderator)
Aug 11th, 2008

Re: How to find out a website is secure?

Take a look here for a couple of small functions that will help you, in terms of handling user input.

Also, if you're passing a variable from $_GET, then you can use a type-finding function to help your security. E.g. if you have something like "?id=53" in your URL, then you can just check it using the is_numeric() function. Then no hackers will have a chance.

Remember, if you have no user input, then you'll be perfectly safe. But if you have input, then remember the number one security rule (well, mine, anyway): you can never trust the user.
-- Demiloy
Aug 11th, 2008

Re: How to find out a website is secure?

Hello, see these articles, they are really nice:
http://info.ssl.com/article.aspx?id=10068
http://webdesign.about.com/od/ecommerce/a/aa070407.htm
And keep in mind:
-> encode and decode your passwords perfectly..
-> be careful about using trusted payment gateways...
-> be aware of SQL injections..
Last edited by Shanti C; Aug 11th, 2008 at 7:06 am. Reason: added one more line
-- Shanti C
Aug 11th, 2008

Re: How to find out a website is secure?

Thank you peter_budo, Demiloy and Shanthi for your time.
I shall look into all those security measures now and shall make sure I complete all of them before releasing the site.
If anybody knows some more security measures that are to be taken before launching a website please share them here.
I appreciate your time in advance.

Thank you
-- Kavitha Butchi
Aug 11th, 2008

Re: How to find out a website is secure?

Quote originally posted by peter_budo:
Do you use id values as identificators, did you secure option for array exploit

Hi peter_budo,

Can you please tell what identificators are..

Thanks in advance
-- Kavitha Butchi
Aug 11th, 2008

Re: How to find out a website is secure?

I cannot remember exactly what it was, but it had something to do with "id" passing values in the following format WEB_ADDRESS/page.php?id=32, where adding square brackets [] after "id" will show the site structure. I will try to find where I read about it and let you know.
-- peter_budo (Moderator)
Aug 11th, 2008

Re: How to find out a website is secure?

Quote originally posted by peter_budo:
I cannot remember exactly what it was, but it had something to do with "id" passing values in the following format WEB_ADDRESS/page.php?id=32, where adding square brackets [] after "id" will show the site structure. I will try to find where I read about it and let you know.
Again, I think if you just check it using is_numeric, you should be fine.
-- Demiloy
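The two suggestions above (check the id with is_numeric(), and peter_budo's note that an "id[]" in the URL can expose the site structure) fit together in one input-validation routine. The following is an added example, not code from the thread or from any of its posters; it assumes PHP 8 and the pdo_sqlite extension for the self-contained demo, and the table, column and function names are made up. The point it makes beyond the posts: is_numeric() still accepts values such as " 53" and "1e2", and "?id[]=32" turns $_GET['id'] into an array, which most string functions then reject with a PHP warning; with display_errors left on, that warning prints the absolute path of the script, which is the kind of leak the quoted post describes. A digits-only check on a string plus a prepared statement closes both gaps.

```php
<?php
// Added example, not code from the thread: validating ?id= before it reaches
// the database. Assumes PHP 8 and pdo_sqlite (for the demo only).
declare(strict_types=1);

/**
 * Returns the id as a positive int, or null if the input is unacceptable.
 * Arrays (?id[]=32), missing values, signs, whitespace, exponents and
 * floats are all rejected, which is_numeric() alone would not do.
 */
function validate_id(mixed $raw): ?int
{
    if (!is_string($raw)) {                           // ?id[]=32 or no id at all
        return null;
    }
    if (!ctype_digit($raw) || strlen($raw) > 10) {    // decimal digits only
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

/** Fetches a row with a prepared statement: the id is bound as data, never spliced into SQL. */
function find_page(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM pages WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** What page.php would do: validate first, then either query or refuse. */
function handle_request(PDO $db, array $get): string
{
    $id = validate_id($get['id'] ?? null);
    if ($id === null) {
        return '400 Bad Request';                     // never echo the raw value back
    }
    $row = find_page($db, $id);
    return $row === null ? '404 Not Found' : '200 ' . $row['title'];
}

// --- Demonstration with constructed inputs and an in-memory SQLite database ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO pages (id, title) VALUES (32, 'About us'), (53, 'Contact')");

$samples = [
    [['id' => '53'],          'plain ?id=53'],
    [['id' => '1e2'],         '?id=1e2: is_numeric() true, ctype_digit() false'],
    [['id' => ' 53'],         '?id=%2053: leading space, is_numeric() true'],
    [['id' => "53' OR 1=1"],  'injection attempt'],
    [['id' => ['32']],        '?id[]=32: parameter became an array'],
    [['id' => '0'],           '?id=0: not a valid key'],
    [[],                      'no id at all'],
];
foreach ($samples as [$get, $why]) {
    printf("%-50s -> %s\n", $why, handle_request($db, $get));
}
```

Run it with `php page_check.php`; only the first sample reaches the database. Separately from the code, turn display_errors off on the production server and log errors to a file instead, so that even an unexpected warning never reaches the browser.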
Aug 16th, 2008

Re: How to find out a website is secure?

Thanks Demiloy & Peter_budo, I made use of is_numeric().

Now,
when the user manipulates the URL like,

when the URL is www.example.com/xyz.php/userid=22

how to avoid displaying results when the user changes the userid from 22 to some other number in the URL.

Basically, my site has a search page; when on submitting the username in search, if the username exists then a link is given.

When clicked, www.example.com/xyz.php/userid=22 appears in the address bar.

How to avoid displaying results when users manipulate the userid there?

Any help is appreciated.

Thank you all.
Last edited by Kavitha Butchi; Aug 16th, 2008 at 5:40 pm.
-- Kavitha Butchi
Aug 16th, 2008

Re: How to find out a website is secure?

You do not want to keep user identification as part of the URL. Put these data into the session.
-- peter_budo (Moderator)
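The advice above answers the question of a hand-edited userid: the server must decide what to show from who is logged in, not from a number in the address bar. The following added example, which is not code from the thread or from any poster, shows both shapes of that rule: a "my profile" page that takes no id from the URL at all, and a profile-view page that does accept an id (as a search result link must) but still checks it against the session before returning private columns. It assumes PHP 8, pdo_sqlite for the offline demo, a constructed users table, and that the requested id has already been validated as an integer; the session is modelled as a plain array so the script runs from the command line, whereas the real page would call session_start() and use $_SESSION.

```php
<?php
// Added example, not code from the thread: deciding what a page may show from
// the server-side session rather than from a userid in the URL.
// Assumes PHP 8 and pdo_sqlite (for the demo only).
declare(strict_types=1);

/** Called once after the password check succeeds. */
function login(array &$session, int $userId): void
{
    // On a real page: session_start(); session_regenerate_id(true);
    // (a fresh id after login blocks session fixation), then store the id only.
    $session = ['user_id' => $userId];
}

/** The "my profile" page: no id travels in the URL, so there is nothing to tamper with. */
function my_profile(PDO $db, array $session): ?array
{
    if (!isset($session['user_id'])) {
        return null;                                  // not logged in: redirect to login
    }
    $stmt = $db->prepare('SELECT id, username, email FROM users WHERE id = :id');
    $stmt->execute([':id' => $session['user_id']]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/**
 * A page that legitimately takes an id from a link (e.g. a search result)
 * still decides from the session what to reveal: the owner gets the full
 * record, anyone else only the public columns. Editing ?userid= therefore
 * never exposes another user's private data.
 */
function view_profile(PDO $db, array $session, ?int $requestedId): ?array
{
    if ($requestedId === null) {
        return null;
    }
    $viewer = $session['user_id'] ?? null;
    $sql = ($viewer === $requestedId)
        ? 'SELECT id, username, email FROM users WHERE id = :id'   // own record
        : 'SELECT id, username FROM users WHERE id = :id';         // public view
    $stmt = $db->prepare($sql);
    $stmt->execute([':id' => $requestedId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// --- Demonstration with constructed data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)');
$db->exec("INSERT INTO users VALUES (22, 'alice', 'alice@example.com'), (23, 'bob', 'bob@example.com')");

$session = [];
login($session, 22);                                  // alice logs in

var_export(my_profile($db, $session));                // alice's full record, id from session
echo PHP_EOL;
var_export(view_profile($db, $session, 22));          // own profile: email included
echo PHP_EOL;
var_export(view_profile($db, $session, 23));          // ?userid=23 edited by hand: username only
echo PHP_EOL;
var_export(view_profile($db, [], 22));                // logged out: public columns only
echo PHP_EOL;
```

The same pattern extends to any per-user record (orders, messages, uploads): the query carries both the requested id and the session user id, for example `WHERE id = :id AND owner_id = :viewer`, so a guessed id for someone else's row simply returns no result.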