
Security Tricks

Hi All,

There are some tricks and techniques with which we can keep our site information safe, especially if it deals with an online payment method.

I am very much eager to know about those techniques.

Suppose I will be using PHP as the server-side language; what type of measures can I take to stop hackers from hacking my site information?

Can you please tell me what tricks I should follow to keep my site secure?

Thanks in advance for your earnest co-operation.

luv…………..Raj

PHP

4 Comments(s)

@legendx Nov 21.2006 — Yeah, SSL when you're dealing with any kind of financial transaction.
@raj_2006 (author) Nov 22.2006 — Hi

Thanks for your post. Yes, SSL is one of the best ways to handle transactions securely.

What I am asking is whether there are any other small tricks, like renaming the directories, or using .htaccess (if I use .htaccess, what would it be used for?), sending multiple values in the URL like .php?id=4&trid=qwert345, or how I can secure the posted form values.

Generally I do it this way:

[code=php]if(isset($_POST['submit']))
{
//fetch the form posted values and is it the best way to do in this way
}

//which one is the best

if(isset($_POST['submit'])=="Submit")
{
//fetch the form posted values and is it the best way to do in this way
}[/code]


I mean I want to know what small measures I should take to hide the site information from a hacker.

Thanks

Raj
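@hyperlisk Nov 22.2006 — If you are sending things through the URL, then you should make an array of possible values. Like if you are only expecting 1 of three values:

[code=php]
// Allow-list of the only values the 'test' parameter may take
$allowed = array('1st thing'=>1,'2nd thing'=>1,'3rd thing'=>1);
// Read the parameter without raising a notice when it is missing
$test = isset($_GET['test']) ? $_GET['test'] : '';
// Reject non-string input (e.g. test[]=x) and anything not in the allow-list
if(!is_string($test) || !isset($allowed[$test]) || !$allowed[$test]){
    die("Invalid value found for 'test' field!");
}
[/code]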

Of course you can only do that for fields that have an expected value such as SELECT boxes.
@sb_ Nov 22.2006 — Well, it boils down to a few things. You need to make sure that your directory permissions are set correctly (man chmod). You also need to make sure that your scripts are secure. You can run a fuzzer through it ([URL=http://www.owasp.org/index.php/Fuzzing_with_WebScarab]WebScarab[/URL] appears to be pretty good), and it is probably a good idea to hand check it as well. Some people are all into that chroot, but it has some issues, so it is probably worth locking down your system without that. Use custom sessions that are possibly database and IP based to help prevent man-in-the-middle and other types of attacks.
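
The database-backed, IP-bound session idea from the last reply, as an added example that is not part of the thread or written by any of its participants. It assumes PHP 7.1+ with the pdo_sqlite extension; the table layout and the function names open_store, start_session and check_session are hypothetical.

```php
<?php
// Added example: sessions kept server-side in a database and bound to the client IP.
// Table, column and function names are hypothetical.

function open_store(): PDO {
    $db = new PDO('sqlite::memory:');   // stand-in for the site's real database
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, ip TEXT, user_id INTEGER, expires INTEGER)');
    return $db;
}

function start_session(PDO $db, int $userId, string $ip, int $ttl = 900): string {
    $token = bin2hex(random_bytes(32));   // unguessable identifier handed to the browser
    $stmt = $db->prepare('INSERT INTO sessions VALUES (?, ?, ?, ?)');
    // Only a hash of the token is stored, so a leaked table holds no usable tokens.
    $stmt->execute([hash('sha256', $token), $ip, $userId, time() + $ttl]);
    return $token;
}

function check_session(PDO $db, string $token, string $ip): ?int {
    $hash = hash('sha256', $token);
    $stmt = $db->prepare('SELECT ip, user_id, expires FROM sessions WHERE token_hash = ?');
    $stmt->execute([$hash]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return null;                      // unknown token
    }
    if ((int)$row['expires'] < time() || !hash_equals($row['ip'], $ip)) {
        // Expired, or presented from a different address: destroy the session.
        $db->prepare('DELETE FROM sessions WHERE token_hash = ?')->execute([$hash]);
        return null;
    }
    return (int)$row['user_id'];
}

// Constructed demonstration; the addresses are documentation-range samples.
$db = open_store();
$token = start_session($db, 42, '203.0.113.10');
var_dump(check_session($db, $token, '203.0.113.10'));   // token presented from the issuing address
var_dump(check_session($db, $token, '198.51.100.7'));   // same token from another address
var_dump(check_session($db, $token, '203.0.113.10'));   // issuing address again, after the mismatch
```

On a real site the address would come from `$_SERVER['REMOTE_ADDR']` and the token would travel in a cookie sent only over SSL. Clients whose address changes mid-session are logged out by the IP check.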