Hello all,
I am all set to launch a website on which I have been working for months, but now I am afraid of how safe it might be once it gets the attention of hackers. As most of the code in the website is in PHP, HTML and MySQL, I am posting this in this forum so that I can get suggestions from you all. Websites that are developed by big companies might undergo testing from various testing tools, tests from hired ethical hackers, etc., before getting launched, whereas what about websites that can't afford all those expensive methods? I understand that without undergoing all those procedures no website could be hacker safe, but any suggestions about measures to be taken before launching a website would be appreciated.
Thank you all in advance.
Kavitha Butchi
0
Junior Poster in Training
Recommended Answers
Ask yourself:
- Did you do everything to prevent SQL injection?
- Do you use id values as identifiers? Did you secure the option for the array exploit?
- Are you using RSS feeds? Are they secure?
- Hosting: who is responsible for website security? You or your web hosting company? Are the folder …
Take a look here for a couple of small functions that will help you, in terms of handling user input.
Also, if you're passing a variable from $_GET, then you can use a type-finding function to help your security. E.g. if you have something like "?id=53" in …
Hello, see this article, it is really nice:
http://info.ssl.com/article.aspx?id=10068
http://webdesign.about.com/od/ecommerce/a/aa070407.htm
And keep in mind:
->encode and decode your passwords perfectly.
->be careful about using trusted payment gateways.
->be aware of SQL injections.
I cannot remember exactly what it was, but it had something to do with passing "id" values in the following format: WEB_ADDRESS/page.php?id=32. Adding square brackets [] after "id" will show the site structure. I will try to find where I read about it and let you know.
Again, I think …
Also, speaking of session exploitation, if you post any user input directly to the webpage, make sure to use htmlentities() to verify that no JavaScript is being slipped in. This will also ensure that someone can't disrupt your HTML page structure.
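An added example, not code from any poster in this thread, that puts the checks named in the excerpts above into one request handler: an integer check on `?id=53`, rejection of the `id[]` array form, a prepared statement against SQL injection, and htmlentities() on output. The `pages` table, the function names and the sample rows are constructed, and an in-memory SQLite database reached through PDO stands in for MySQL so the script runs offline (assumes the pdo_sqlite extension).

```php
<?php
// Added example: hypothetical names, constructed data.

// Accept one positive integer only. "?id[]=32" reaches PHP as an array,
// and filter_var() returns false for it, as it does for "53 OR 1=1".
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function render_page(PDO $db, array $get): string
{
    $id = parse_id($get['id'] ?? null);
    if ($id === null) {
        return '400 Bad Request'; // generic reply: no warnings, paths or SQL text
    }
    // Placeholder plus bound value: the id is never concatenated into the SQL.
    $stmt = $db->prepare('SELECT title, body FROM pages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '404 Not Found';
    }
    // Encode stored user input when it is written into the HTML page.
    $e = fn(string $s): string => htmlentities($s, ENT_QUOTES, 'UTF-8');
    return '<h1>' . $e($row['title']) . '</h1><p>' . $e($row['body']) . '</p>';
}

// Constructed database with one row whose body contains markup.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE pages (id INTEGER PRIMARY KEY, title TEXT, body TEXT)');
$ins = $db->prepare('INSERT INTO pages (id, title, body) VALUES (?, ?, ?)');
$ins->execute([53, 'Guestbook', '<script>alert(1)</script> said a visitor']);

// Constructed stand-ins for $_GET.
$requests = [
    ['id' => '53'],         // ?id=53
    ['id' => ['32']],       // ?id[]=32
    ['id' => '53 OR 1=1'],  // not an integer
    [],                     // id missing
];
foreach ($requests as $get) {
    echo json_encode($get), ' => ', render_page($db, $get), PHP_EOL;
}
```

With MySQL only the PDO DSN and credentials change; the validation, the bound parameter and the output encoding stay the same.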
All 19 Replies
peter_budo
2,532
Code tags enforcer
Team Colleague
Featured Poster
Kavitha Butchi
commented:
Thanks for your time, I shall look for all the security measures you have mentioned.
+1
Demiloy
2
Light Poster
Kavitha Butchi
commented:
Thanks for your time, found the link helpful.
+1
Shanti C
106
Posting Virtuoso
Kavitha Butchi
commented:
Thank you Shanthi :). Found those links very helpful.
+1
Demiloy
2
Light Poster
Kavitha Butchi
commented:
Thanks, it worked.
+1
scru
909
Posting Virtuoso
Featured Poster
Kavitha Butchi
commented:
Thank you scru, shall add this.
+1
Shanti C
106
Posting Virtuoso
Kavitha Butchi
commented:
sure shanthi :)
+1
R0bb0b
344
Posting Shark
scru
commented:
Indeed.
+3
Kavitha Butchi
commented:
Shall replace all user inputs with HTML entities. Thanks for your time.
+1
~s.o.s~
2,560
Failure as a human
Team Colleague
Featured Poster
Kavitha Butchi
commented:
Sure, I shall take care of that now.
+1
~s.o.s~
2,560
Failure as a human
Team Colleague
Featured Poster
scru
commented:
High traffic sites shouldn't use shared hosting.
+3